re: Spoof a commit on GitHub. From Anyone. VIEW POST


Several months back, I was setting up a new project on GitHub. As I was configuring my protected branches, I noticed a checkbox for "Require signed commits". I'm one of those obsessive box-checker freaks. So, when I noticed this new box, I clicked on the link to see what it was about and how to make it so I could check the box. Been signing commits ever since then (and Slack-shaming teammates whose commits don't have the green Verified box).

code of conduct - report abuse