see shy jo on Nostr: Today is a really good time to start gpg signing every git commit you make. ...
Today is a really good time to start gpg signing every git commit you make.
Especially if you're using infrastructure with #xz on it that could still contain unknown backdoors.
I have signed all my commits since 2016.
git config commit.gpgSign 1
Published at
2024-03-30 13:53:56Event JSON
{
"id": "7e3c1160fe49e6935d60f8083259d43273eee9394f112ff6c833cabb4ac81091",
"pubkey": "38d81ebfc3bfd1ed5931f48829176a2eed648d5220545c52ff6d8cde895a9d43",
"created_at": 1711806836,
"kind": 1,
"tags": [
[
"t",
"xz"
],
[
"proxy",
"https://hachyderm.io/users/joeyh/statuses/112184972850853679",
"activitypub"
]
],
"content": "Today is a really good time to start gpg signing every git commit you make. \n\nEspecially if you're using infrastructure with #xz on it that could still contain unknown backdoors.\n\nI have signed all my commits since 2016.\n\ngit config commit.gpgSign 1",
"sig": "de96d6d8b0f33a0639984dbf0476cdab88f40d1dad6b8edeafa43d197019e691108441aba2ffcdcb8e45e269704a8b1afd67d75f68af417e6c5d2512d0d4118f"
}
