I’m curious to hear what the Lemmy programming community thinks of this!
- The author argues against signing Git commits, stating that it adds unnecessary complexity to systems.
- The author believes that signing commits perpetuates an engineering culture of blindly adopting complex tools.
- The consequences of signing Git commits are likely to be subtle and not as dramatic as some may believe.
Archive link: https://archive.ph/vjDeK
Agreed, and I have more arguments against commit signing.
filter-branch
ed away, again invalidating the signatures.BTW this topic has common considerations with now mandatory (on GH and more places) 2FA. For the latter reason, and also for own convenience and for reducing risk of losing access to your account (which I assess as much higher than risk of leaking my password to third parties) I make second factor public, effectively reverting to 1FA.