by fragmede 844 days ago
> But a signed commit really just means that whoever created it could run a CLI tool on your computer.

"just" is doing a lot of work there. Someone running their code on your computer is a big deal! Hopefully it's benign and sandboxed, in the case of webpages and JavaScript, but if an attacker is running code, be it a CLI tool or otherwise, on your computer, you should be really worried. If somebody is signing git commits under your name on your computer, they could just as easily wait until you log in to your bank's website and steal your money.