[guardian-dev] signing git commits with gpg

Jacob Appelbaum jacob at appelbaum.net
Tue Feb 12 14:25:17 EST 2013

Hans-Christoph Steiner:
> Here's a nice, thorough article that goes thru the problems of gpg-signing git
> commits and verifying them in a useful way:
> http://mikegerwitz.com/docs/git-horror-story.html
> Has anyone integrated commit signing into their workflow?  I'm specifically
> interested to hear about aiding some kind of auditing.

I sign tags for torsocks, TorBirdy and tlsdate. It is pretty straight
forward. I'd move to signing commits if I was using a hardware dongle
that wasn't absolutely horrible.

All the best,

More information about the Guardian-dev mailing list