Session
To sign, or not to sign – everything there is to know about signing commits and tags
In today’s fast-paced software landscape, efficient release processes are critical. Git, as a decentralized version control system, relies on synchronizing changes across different repositories. However, authentication and authorization are decoupled from commit author information. To ensure authenticity, developers can sign commits and tags using PGP or SSH keys.
Join us in this session as we explore all aspects of signing commits and tags:
- GitHub Validation: Understand how GitHub validates author information for commits and tags.
- Key Management: Learn best practices for creating and managing PGP and SSH keys.
- Security Considerations: Dive into key security measures.
- Local Signing: Discover how to sign commits and tags locally.
- GitHub and Codespaces: Explore signing within GitHub and Codespaces.
- Enforcing Signed Commits: Implement signed commits for protected branches.
- Vigilant Mode: Uncover the benefits of enabling vigilant mode.
- 1Password Integration: Utilize 1Password to store SSH keys and PGP passphrases.
Whether you’re part of large open-source projects or small security-focused teams, signing practices vary based on context and Git workflows. We’ll focus on practical scenarios where signing adds value, drawing from real-world examples. Join Michael as he shares insights on when signing accelerates progress and when it’s essential to tread carefully.
Michael Kaufmann
Microsoft MVP and RD, Founder/CEO Xpirit Germany
Stuttgart, Germany
Links
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top