see shy jo on Nostr: Today is a really good time to start gpg signing every git commit you make. ...
Today is a really good time to start gpg signing every git commit you make.
Especially if you're using infrastructure with #xz on it that could still contain unknown backdoors.
I have signed all my commits since 2016.
git config commit.gpgSign 1
Published at
2024-03-30 13:53:56Event JSON
{
"id": "75cf355ead46b294fd037c1f49403e4f0cb9ec641bd574076f47401fd0e686f0",
"pubkey": "8e0979ecfbedf2b9bc9158b68a6933c169c35f6f1f8a1cee1dda8773f4ce7e15",
"created_at": 1711806836,
"kind": 1,
"tags": [
[
"t",
"xz"
],
[
"proxy",
"https://hachyderm.io/users/joeyh/statuses/112184972850853679",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://hachyderm.io/users/joeyh/statuses/112184972850853679",
"pink.momostr"
]
],
"content": "Today is a really good time to start gpg signing every git commit you make. \n\nEspecially if you're using infrastructure with #xz on it that could still contain unknown backdoors.\n\nI have signed all my commits since 2016.\n\ngit config commit.gpgSign 1",
"sig": "9c3bffaeb4cf412a31ebafc798c9cdb6a53fd01948e54da98d40c6fe6c6a163fcf9844f7d635da25a42fe3b1bdfc04935be16eb9475fb4ad42dab63874beebf8"
}
