https://podvader.com/posts/Recent content in Posts on PodVaderHugoenSat, 09 Mar 2024 00:00:00 +0000https://podvader.com/posts/signed-git-commits.-why-and-how/Sat, 09 Mar 2024 00:00:00 +0000https://podvader.com/posts/signed-git-commits.-why-and-how/<p>Signed Git commits offer an extra layer of security in the development process. By digitally signing your commits, you and others can verify the authenticity, integrity, and origin of the code changes.</p> <p>We will explore what signed Git commits are, why you want them signed and how to actually sign commits.</p> <h1 id="why-sign-commits"> Why Sign Commits? <a class="heading-link" href="#why-sign-commits"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h1> <p>When working in a team, anyone with sufficient permissions can push code to a repository. While it is true that you&rsquo;d need to be authenticated while doing so, this does not guarantee that the pushed commits were generated by the person pushing them. Anyone could just change their <code>user.name</code> and <code>user.email</code> to match yours and commit code with abysmal variable names, effectively impersonating you.</p>