Monday, August 1, 2022 · 3 minute read
       
       Why Sign Commits?  Why should you sign your commits?
         Preface I recently read this article [0] by Alessandro Segala about why I 
       Identity Theft Identity theft is not a joke [1].
       The FTC in their 2021 edition of the CSN Annual Data Book [2] reported that 
       This article focuses on git [3] and online version control systems (VCS
       It is not only possible, but incredibly easy to sign a commit under a diffe
       The Dangers of Developer Identity Theft The biggest threat to a developer wh
       A malicious attacker who signs off on infected, poorly written, or malformed
       A malicious attacker could publish commits that actively ruin existing featu
       Benefits of Signing To combat this, git allows for individuals to sign their
       This allows for a number of benefits:
        Commits in the git history that are signed have metadata attached to them s
       Setting up signed commits was trivial, and there were plenty of guides [0] [
       I strongly encourage all developers to sign their commits in order to improv
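
An added example, not code from the original article: a small audit that reads `git log --format='%H %G? %ae'` output and reports every commit whose signature git could not fully verify. The function names `audit_signatures` and `sample_log` are hypothetical, and the three log lines are constructed sample data.

```shell
#!/bin/sh
# Added example (not from the article). Real use:
#   git log --format='%H %G? %ae' origin/main..HEAD | audit_signatures
# %G? is git's one-letter signature verdict for each commit.

audit_signatures() {
    # Reads "<hash> <status> <author-email>" lines on stdin.
    # Prints one line per commit whose status is not "G" (good, valid).
    # Returns 0 when every commit is "G", 1 otherwise.
    awk '
        BEGIN {
            why["B"] = "bad signature"
            why["U"] = "good signature, unknown validity"
            why["X"] = "good signature, now expired"
            why["Y"] = "good signature, expired key"
            why["R"] = "good signature, revoked key"
            why["E"] = "cannot be checked, missing key"
            why["N"] = "no signature"
        }
        NF >= 2 && $2 != "G" {
            reason = ($2 in why) ? why[$2] : "unrecognised status"
            printf "%s %s %s: %s\n", substr($1, 1, 12), $2, $3, reason
            bad++
        }
        END { exit (bad > 0) }
    '
}

# Constructed sample: three commits that all carry the same author email.
# The author field is whatever the committer configured; only the first
# commit has a signature that git verified.
sample_log() {
    cat <<'EOF'
1111111111111111111111111111111111111111 G dev@example.com
2222222222222222222222222222222222222222 N dev@example.com
3333333333333333333333333333333333333333 E dev@example.com
EOF
}

sample_log | audit_signatures || echo "unverified commits found"
```

The non-zero return makes the function usable as a gate in a CI job or a server-side hook.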
        Citations 
       
       0. https://withblue.ink/2020/05/17/how-and-why-to-sign-git-commits.html
       1. https://tinyurl.com/yjbxpajr
       2. https://www.ftc.gov/system/files/ftc_gov/pdf/CSN%20Annual%20Data%20Book%202021%20Final%20PDF.pdf
       3. https://git-scm.com
       4. https://huggingface.co/docs/hub/security-gpg
       5. https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits
       