|
|
|
|
|
|
by avgcorrection
844 days ago
|
|
|
The private key that I would hypothetically sign commits with? Then signing commits is compromised too. I’m not sure what point you’re making. On the other hand if I don’t sign my commits then any signed commits (from my stolen private key (SSH)) look out of place. Like it’s weird that all these malicious commits are also signed, even though I have never signed commits. |
|
|
Yes. If someone has your private key they can sign commits as you. I’m not sure how I can put this more plainly.