My Commits and Tags Are Now Signed
Announcement I’m now signing my git commit and tags with an SSH key. Details of the fingerprint can be found in the security document. It says that commit after 2024-01-01 are going to be signed, because I’m starting now on one machine and I will propagate the configuration over the next few days to other machines. Why Why bother with cryptographic signatures? Anyone can pretend to be me. They just need to write my name and email in the author fields of a commit message. However1, I’m the only one able to produce signatures with that particular public key. This will help to check that I’m actually the author of the commits and tags you rely on when using my code. ...