
What is the interest to sign commit -S -m in git? - aurelien
Hello Hackers!
I have recently view that we can use -S to sign with our keys on git (maybe not all but works on github) and would like to know what is the interest of doing that, anyone can explain please?
======
giucal
If a commit is signed, one can verify that the author is indeed who s/he
claims to be. See [https://git-scm.com/book/it/v2/Git-Tools-Signing-Your-
Work](https://git-scm.com/book/it/v2/Git-Tools-Signing-Your-Work).

Some excerpt:

 _Git is cryptographically secure, but it’s not foolproof. If you’re taking
work from others on the internet and want to verify that commits are actually
from a trusted source, Git has a few ways to sign and verify work using GPG._

 _In Git 1.8.3 and later, “git merge” and “git pull” can be told to inspect
and reject when merging a commit that does not carry a trusted GPG signature
with the --verify-signatures command._

