"For all of us who sign our git commits, detecting such a forged commit is easy and quickly done. In the curl project we don’t have mandatory signed commits..."
This gives me the impression that some people on the team sign their commits, but not all. As this is a team that is clearly takes security very seriously, I am interested in learning how the cost/benefit case works out for this particular feature/burden.
This gives me the impression that some people on the team sign their commits, but not all. As this is a team that is clearly takes security very seriously, I am interested in learning how the cost/benefit case works out for this particular feature/burden.