Explain like I'm tiny Eevee: What's the point of signing commits in Git?
@vaporeon_ you can forge author metadata in git; this is just a furst-class feature. signing your commit is an actual guarantee that the ostensible author is who they say they are—more strictly, that whoever authored the commit has the purrivate key associated with the email address on the commit
Follow
@vaporeon_ try running git commit --author='Linus Torvalds <mail@linustorvalds.com>' on a demo repo sometime; this just works. it’s that easy
