I’m curious to hear what the Lemmy programming community thinks of this!
- The author argues against signing Git commits, stating that it adds unnecessary complexity to systems.
- The author believes that signing commits perpetuates an engineering culture of blindly adopting complex tools.
- The consequences of signing Git commits are likely to be subtle and not as dramatic as some may believe.
Archive link: https://archive.ph/vjDeK
On GitHub, the account that pushed the commit is already fairly evident.
Commits pushed from my GitHub account are differentiated from commits that are not.
I don’t want huge centralized Git infrastructure, but while we have it, signed commits are less compelling.
And I’m not saying I love the current state of code authorship verification, either.