PSA: Please sign your git commits



Summary:

In an email from May 2014, Chris Beams expressed his desire for a way to enable signing Git commits by default and noted that most people would probably forget to do it. To address this issue, David Harding shared a script he uses that checks whether a commit is signed and prints an error message if it isn't. The script can be added to a project's .git/hooks/post-commit and .git/hooks/post-merge files. Harding also provided instructions for adding the script to all new projects and updating current projects. He suggested that pull requests without signed commits should be rejected to make signing meaningful. Harding finds signing useful because it allows him to diff from the last time he reviewed the code and to review any commits made using his name that he didn't actually make. For anyone interested in reading more about Git signing, Harding recommended an article by Mike Gerwitz.
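A hook of the kind described above, as an added example: this is not Harding's script, which the summary does not reproduce. The function names `sig_verdict` and `check_commit`, the verdict labels and the message wording are assumptions; the status letters are the ones Git prints for the `%G?` format placeholder.

```shell
#!/bin/sh
# Added example (not the script from the thread): warn when HEAD is unsigned.
# Install as .git/hooks/post-commit and .git/hooks/post-merge (chmod +x).

# Map a `git log --format=%G?` status letter to a verdict.
# G = good signature, U = good signature with unknown key validity,
# X/Y = good but signature/key expired, R = good but key revoked,
# B = bad signature, E = cannot be checked (e.g. missing key), N = none.
sig_verdict() {
    case "$1" in
        G)     echo ok ;;
        U)     echo untrusted ;;     # assumption: treat as a warning, not ok
        X|Y|R) echo stale ;;
        B)     echo bad ;;
        E)     echo unverifiable ;;
        *)     echo unsigned ;;      # N, empty, or anything unexpected
    esac
}

# Check one commit (default HEAD); return 0 only for a good signature.
check_commit() {
    rev=${1:-HEAD}
    code=$(git log -1 --format='%G?' "$rev") || return 2
    verdict=$(sig_verdict "$code")
    [ "$verdict" = ok ] && return 0
    echo "WARNING: commit $(git rev-parse --short "$rev") is $verdict." >&2
    echo "If it is your own commit: git commit --amend --no-edit -S" >&2
    return 1
}

# Run only when invoked under a hook name, so the file can also be sourced.
case "${0##*/}" in
    post-commit|post-merge) check_commit HEAD ;;
esac
```

Both hooks run after the fact, so the exit status cannot block the commit or merge; the hook only reports. One way to give new repositories the hook is to place it in the `hooks` directory of a Git template directory (`init.templateDir`), which is an assumption here and not necessarily the method from the thread.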


Updated on: 2023-06-08T23:13:24.694431+00:00