by adityasaky 970 days ago
> does it also filter/escape ANSI Sequences in messages and author names?

Not at present! Do you have a link or so I could use to familiarize myself? I'm curious if and how it'd fall within gittuf's scope.

> does it block garbage collection?

Nope, it doesn't. That said, the repository will have more objects; gittuf tracks additional objects through custom refs in `refs/gittuf/`.

> how do you ensure that the developers are really the developers and there's no spoofing?

At present, gittuf policies use signing keys. It doesn't rely on the commit metadata for author and committer but rather the commit's signature. We support GPG and Sigstore's gitsign [0] right now, and we want to support other signing mechanisms like SSH keys as well.

[0] https://github.com/sigstore/gitsign
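
The distinction drawn in the reply above, between a commit's author and committer fields and its signature, as an added example (not part of the comment and not gittuf's code). It parses a constructed raw commit object and makes an allow/deny decision from the verifying key only; the policy set, the fingerprints and the `is_authorized` helper are hypothetical, and the fingerprint is assumed to come from a real signature verifier.

```python
# Added illustration, not gittuf code. All names and fingerprints are constructed.
SIG = b"-----BEGIN PGP SIGNATURE-----\n\nCONSTRUCTED\n-----END PGP SIGNATURE-----"
ALICE_FPR, MALLORY_FPR = "A" * 40, "B" * 40   # placeholder fingerprints
POLICY_KEYS = {ALICE_FPR}                      # hypothetical policy: keys allowed to commit

def make_commit(author: bytes, signature: bytes = None) -> bytes:
    """Build a raw commit object the way git serializes it (constructed sample)."""
    lines = [b"tree 4b825dc642cb6eb9a060e54bf8d69288fbee4904",
             b"author " + author + b" 1700000000 +0000",
             b"committer " + author + b" 1700000000 +0000"]
    if signature:
        first, *rest = signature.split(b"\n")
        lines.append(b"gpgsig " + first)
        lines += [b" " + line for line in rest]   # continuation lines get one leading space
    return b"\n".join(lines) + b"\n\nupdate deploy script\n"

def split_commit(raw: bytes):
    """Return (headers, signature, signed_payload) for a raw commit object.

    The signature lives in the `gpgsig` header; what it covers is the commit
    object with that header removed, author and committer lines included.
    """
    head, sep, body = raw.partition(b"\n\n")
    headers, sig, kept, in_sig = {}, [], [], False
    for line in head.split(b"\n"):
        if line.startswith(b"gpgsig "):
            in_sig = True
            sig.append(line[len(b"gpgsig "):])
        elif line.startswith(b" "):               # continuation of the previous header
            if in_sig:
                sig.append(line[1:])
            else:
                kept.append(line)
        else:
            in_sig = False
            kept.append(line)
            key, _, value = line.partition(b" ")
            headers.setdefault(key.decode(), value.decode())
    return headers, (b"\n".join(sig) if sig else None), b"\n".join(kept) + sep + body

def is_authorized(raw: bytes, verified_fpr, policy_keys) -> bool:
    """Decide on the key that verified the signature, never on the author header.

    verified_fpr is assumed to come from running a verifier (e.g. gpg) over
    signed_payload and the signature; None means verification failed.
    """
    _headers, signature, _payload = split_commit(raw)
    return signature is not None and verified_fpr in policy_keys

spoofed = make_commit(b"Alice <alice@example.com>", SIG)  # author says Alice
print(is_authorized(spoofed, MALLORY_FPR, POLICY_KEYS))   # signed by another key
```

Because the author and committer lines are part of the signed payload, a valid signature also fixes them against later tampering, but the identity that counts is still the key.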