The Good, the Better, and the Ugly - Signing Git Commits
Being involved in various projects with a high cadence of commits every day makes it easier for bad actors to try and slip in nasty stuff - if we don’t sign our commits, that is. Recently, a few stories about spoofed commits made it into my Twitter feed, namely by Eddie Jaoude and David Flanagan, aka rawkode: This why you MUST sign your commits!! So when someone tries to spoof your git commits, it clearly shows "unverified" and you know not to trust it...