Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mastodon.social/users/cks/statuses/112203368084357249">Chris Siebenmann (cks@mastodon.social)'s status on Wednesday, 03-Apr-2024 16:24:24 JST</a><a href="https://mastodon.social/@cks" title="cks@mastodon.social"><img src="https://gnusocial.jp/avatar/97051-48-20230210172853.webp" width="48" height="48" alt="Chris Siebenmann" style="position: absolute; left: 0; top: 0;">Chris Siebenmann</a></section><article><p>My standard attitude on digital signatures for anything, Git commits included, is that you should not sign anything unless you understand what you're committing to when you do so. This usually includes "what people expect from you when you sign things". Signing things creates social and/or legal liability. Do not blindly assume that liability without thought, especially if people want you to.</p><p>In re: <a href="https://fosstodon.org/@vbatts/112185576755787518" rel="nofollow noreferrer">https://fosstodon.org/@vbatts/112185576755787518</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2894501#notice-5753045">In conversation</a><time datetime="2024-04-03T16:24:24+09:00" title="Wednesday, 03-Apr-2024 16:24:24 JST">about a year ago</time> <span>from <span><a href="https://mastodon.social/@cks/112203368084357249" rel="external" title="Sent from mastodon.social via ActivityPub">mastodon.social</a></span></span><a href="https://mastodon.social/@cks/112203368084357249">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/157110">Untitled attachment</a></label><br></li><li><article><header><div>No result found on File_thumbnail lookup.</div><h5><a href="https://fosstodon.org/@vbatts/112185576755787518">Vincent Batts (@vbatts@fosstodon.org)</a></h5><div> from <span>Vincent Batts</span></div></header><div>PSA: now more than ever, sign your #git commits.Either `git commit -sS` every commit; or `git config commit.gpgSign 1` in a project; or `git config --global commit.gpgSign 1`Use #GPG or even your existing #SSH key.More info:
- https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key
- https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Chris Siebenmann (cks@mastodon.social)'s status on Wednesday, 03-Apr-2024 16:24:24 JST Chris Siebenmann
My standard attitude on digital signatures for anything, Git commits included, is that you should not sign anything unless you understand what you're committing to when you do so. This usually includes "what people expect from you when you sign things". Signing things creates social and/or legal liability. Do not blindly assume that liability without thought, especially if people want you to.
In re: https://fosstodon.org/@vbatts/112185576755787518
In conversationabout a year ago from mastodon.socialpermalink
Attachments
1. Untitled attachment
2. No result found on File_thumbnail lookup.
  Vincent Batts (@vbatts@fosstodon.org)
  from Vincent Batts
  PSA: now more than ever, sign your #git commits. Either `git commit -sS` every commit; or `git config commit.gpgSign 1` in a project; or `git config --global commit.gpgSign 1` Use #GPG or even your existing #SSH key. More info: - https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key - https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work

Public

Embed Notice

HTML Code

Corresponding Notice