
If everyone is concerned about commit identity hijacking, you can configure your repo settings to reject any commits which aren't GPG signed.

https://docs.github.com/en/authentication/managing-commit-si...

https://www.devopsauthority.tech/2020/07/18/github-getting-s...
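A server-side way to enforce the same policy, as an added example that is not from this thread, GitHub's docs, or either linked article: a pre-receive hook built on git's `%G?` signature status that refuses any push containing a commit lacking a good signature from a key in the server's trusted keyring. It assumes git and gpg are installed on the server and the trusted public keys are already imported there.

```sh
#!/bin/sh
# Added example: reject pushes with unsigned or untrusted commits.
# git's %G? format code reports the signature status of a commit:
#   G = good, trusted key   U = good, but key is not trusted
#   B = bad signature       N = no signature
#   X / Y = expired sig or key   R = revoked key   E = could not check

# Map one %G? status to an accept/reject verdict.
# Prints a reason, returns 0 (accept) or 1 (reject).
signature_verdict() {
  case "$1" in
    G)   echo "ok"; return 0 ;;
    U)   echo "reject: signed with an untrusted key"; return 1 ;;
    N)   echo "reject: unsigned"; return 1 ;;
    B)   echo "reject: bad signature"; return 1 ;;
    X|Y) echo "reject: expired signature or key"; return 1 ;;
    R)   echo "reject: revoked key"; return 1 ;;
    E)   echo "reject: signature could not be checked (key missing?)"; return 1 ;;
    *)   echo "reject: unknown status '$1'"; return 1 ;;
  esac
}

# Check every commit in OLD..NEW, the range a pre-receive hook is given.
# Returns 1 if any commit fails, which makes git refuse the push.
check_range() {
  old="$1"; new="$2"; rc=0
  # A brand-new branch arrives with OLD = all zeros: check all of NEW's history.
  case "$old" in
    0000000000000000000000000000000000000000) range="$new" ;;
    *) range="$old..$new" ;;
  esac
  # for-loop rather than a pipe so rc survives (no subshell).
  for sha in $(git rev-list "$range"); do
    status=$(git log -1 --format='%G?' "$sha")
    verdict=$(signature_verdict "$status") || { echo "$sha $verdict" >&2; rc=1; }
  done
  return $rc
}

# When installed as hooks/pre-receive, git feeds "old new refname" lines on stdin.
case "${0##*/}" in
  pre-receive)
    fail=0
    while read -r old new ref; do
      check_range "$old" "$new" || fail=1
    done
    exit $fail ;;
esac
```

Because the verdict is made from the server's own keyring, a commit that merely carries someone's name in its author field is rejected unless it also carries a signature from a key that server trusts.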



That's great, but it requires an active step on behalf of the user, which violates the secure-defaults principle. It also violates the principle of good UE.


There's no way around it, because git commits by default can be forged due to the way it was designed.


Security requirements are often at odds with good UE.
