SSH Certificates and Git Signing


When you’re looking at source code it can be helpful to have some evidence indicating who wrote it. Author tags give a surface-level indication, but it turns out you can just lie, and if someone isn’t paying attention when merging there’s certainly a risk that a commit gets merged with an author field that doesn’t represent reality. Account compromise can make this even worse: a PR opened from a compromised account is going to be hard to distinguish from one opened by the authentic user.
