The Good, the Better, and the Ugly - Signing Git Commits

Being involved in various projects with a high cadence of commits every day makes it easier for bad actors to try to slip in nasty stuff - if we don't sign our commits, that is. Recently, a few stories about spoofed commits made it into my Twitter feed, namely by Eddie Jaoude and David Flanagan, aka rawkode:

"This is why you MUST sign your commits!! So when someone tries to spoof your git commits, it clearly shows "unverified" and you know not to trust it. Big thank you to @intrigus_ who showed me from the GitHub logs we can see who it is - I have reported this repo and user to GitHub pic.twitter.com/kvluaNPDt1" ...

July 30, 2023 · 9 min · Daniel Bodky