A web of trusted commits

Who Do You Trust?

  • Martin Kwee
  • 4 August 2016

When you’re building software with people from around the world, it’s important to validate that commits and tags come from an identified source. With a distributed revision control system like Git, anyone can have an offline copy of your project’s code repository. In theory a central repository is not necessary, but one can serve as an “official” source that other developers clone and work from. The other repositories floating around may contain malicious code because, unfortunately, it is remarkably easy to fake your identity when committing code using Git.

Read the full article here.

About the author:

Martin Kwee

Martin is a Principal Java Consultant at Ordina Belgium. He enjoys a good technical challenge and is passionate about learning new innovative technologies and architectures.