Post Syndicated from original https://lwn.net/Articles/835985/rss
Kernel.org manager Konstantin Ryabitsev describes
the Git signed-push functionality, which is now supported by the
kernel.org system. “To help hedge against this problem, git provides
developers a way to sign their actual pushes, as a means to attest ‘yes, I
actually did intend to push these commits into this ref in this repository
on this server, and here’s my PGP signature to prove it.’” Among
other things, these signatures can be preserved in a commit transparency
log, which
is also now provided by kernel.org.