How to Verify Your Commits
Anyone can be anyone when it comes to commits. For example, here is a commit where ""Linus Torvalds"" deletes Linux. I put this document together for myself a while back, but I thought I would share it with other people who want a straightforward guide to setting up commit signing with GPG.
Instructions
- Install gpg
brew install gnupg2
(orsudo apt-get install gnupg2
, etc) - Generate the key with
gpg --full-generate-key
(the default type is probably fine) - Make sure it is at least
4096
bits - Make sure you use your Github no-reply email or an email provided to your Github account.
Newer
Older