Sign your Git Commits
1 min read

Sign your Git Commits

Sign your Git Commits

but Why?
well, Isn't it looking cool to see green verified badge? 😜
Besides, it has some good benefits too.

Reason:
When you commit a change with Git, it accepts as author whatever value you want. This means you could claim to be whoever you want when you create a commit.

That means, in a organisation repository as a one of collaborators I can do a commit in your name by changing git config user.name and git config user.email to yours.

This will not work for his repository because it will ask for authentication but you can do in shared repo and this will raise question to the real author of that commit.

So, Signing your commits will provide you authenticity to your commits. Even in any case of misuse, you can easily prove them that it's not yours. Hope this gives you a good idea about signing git commits.

Here's the interesting article about this.

https://mikegerwitz.com/2012/05/a-git-horror-story-repository-integrity-with-signed-commits

Now, How to Sign git commits?

This setup needs few installations and configuration. Instead of writing my own article I thought to share a detailed article about it.

Setting up our Git to sign commits

How (and why) to sign Git commits | With Blue Ink
Authenticate your commits, plus get them the β€œVerified” badge on GitHub

Let me know if you have any questions.

Peace ✌️