Git Winch Guide

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
chkid [2025/06/29 10:52] adminchkid [2025/07/01 19:50] (current) admin
Line 3: Line 3:
 When a commit is made, //Git Winch// automatically adds a signature into the Commit message. This signature can later be checked for authenticity. This is how to do it: When a commit is made, //Git Winch// automatically adds a signature into the Commit message. This signature can later be checked for authenticity. This is how to do it:
  
-From the //Log// page, you //MUST select// the characters starting with //{// all the way to the closing //}// You would see a button 'Check Commit User' appearing on the top of the log page. Click that and it will let you know if that signature was forged or a correct one.+From the //Log// page, you //MUST select// the characters starting with //{// all the way to the closing //}// You would see a button 'Check Sign' appearing on the top of the log page. Click that and it will let you know if that signature was forged or a correct one.
  
 **Why is a commit signature important?**\\ **Why is a commit signature important?**\\
-One of the weak points in the //Git// system is that it can send any name and email address to the //Git host// when performing a Git Commit and thence push. It has been designed like that -- //Git// has no way to validate such name and email addresses. We implemented this signature system to ensure that people do not forge anyone else's name into a commit. So ALL the commits that are pushed via //Git Winch// will invariably contain a signature. And that signature can be checked from within //Git Winch// by anyone.+One of the weak points in the //Git// system is that it can send any name and email address to the //Git host// when performing a Git Commit and thence push. It has been designed like that -- //Git// has no way to validate such name and email addresses.  
 + 
 +We implemented this signature system to ensure that people do not forge anyone else's name into a commit. So ALL the commits that are pushed via //Git Winch// will invariably contain a signature. And that signature can be checked from within //Git Winch// by anyone else who is also a registered user of your //Git Winch// coordination server; and has membership of the same repository tooSignatures of old members who had done an old commit; but are no longer in office, are also verifiable. 
 + 
 +**NOTE: Git Commits contain the user's full name AND NOT the username**\\ 
 +From version 1.0.14.0 //Git Winch// uses the full name of the user which the user had set to attribute a commit, and create the above signature. As far as possible, the username (the one that is used to login) is NOT shared with anyone (nor should you) so the chances of hacking into someone's account is reduced.  
 + 
 +//Only the owner of a repository would come to know the username of a person who works on the repository when the deploy key is made. But that is an arrangement between only those two persons and not everyone else.//
  
 ---- ----
  
 [[/concepts?do=export_xhtml | Learn the concepts]] | [[/topics?do=export_xhtml | Table of Contents]] [[/concepts?do=export_xhtml | Learn the concepts]] | [[/topics?do=export_xhtml | Table of Contents]]
chkid.1751187145.txt.gz · Last modified: by admin

Page Tools