This shows you the differences between two versions of the page.
chkid [2025/06/29 10:53] – admin | chkid [2025/07/01 19:50] (current) – admin | ||
---|---|---|---|
Line 6: | Line 6: | ||
**Why is a commit signature important? | **Why is a commit signature important? | ||
- | One of the weak points in the //Git// system is that it can send any name and email address to the //Git host// when performing a Git Commit and thence push. It has been designed like that -- //Git// has no way to validate such name and email addresses. We implemented this signature system to ensure that people do not forge anyone else's name into a commit. So ALL the commits that are pushed via //Git Winch// will invariably contain a signature. And that signature can be checked from within //Git Winch// by anyone else that is a member at your //Git Winch// coordination server. | + | One of the weak points in the //Git// system is that it can send any name and email address to the //Git host// when performing a Git Commit and thence push. It has been designed like that -- //Git// has no way to validate such name and email addresses. |
+ | |||
+ | We implemented this signature system to ensure that people do not forge anyone else's name into a commit. So ALL the commits that are pushed via //Git Winch// will invariably contain a signature. And that signature can be checked from within //Git Winch// by anyone else who is also a registered user of your //Git Winch// coordination server; and has membership of the same repository too. Signatures of old members who had done an old commit; but are no longer in office, are also verifiable. | ||
+ | |||
+ | **NOTE: Git Commits contain the user's full name AND NOT the username**\\ | ||
+ | From version 1.0.14.0 //Git Winch// uses the full name of the user which the user had set to attribute a commit, and create the above signature. As far as possible, the username (the one that is used to login) is NOT shared with anyone (nor should you) so the chances of hacking into someone' | ||
+ | |||
+ | //Only the owner of a repository would come to know the username of a person who works on the repository when the deploy key is made. But that is an arrangement between only those two persons and not everyone else.// | ||
---- | ---- | ||
[[/ | [[/ |
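Review bot: The added NOTE says the login username is "NOT shared with anyone", but the italic paragraph added directly after it says the repository owner learns the username when the deploy key is made. State that exception inside the NOTE so the two paragraphs do not read as contradictory. In the paragraph beginning "We implemented this signature system", the semicolons in "coordination server; and has membership" and "an old commit; but are no longer in office" break the sentences and should be commas or dropped. Because the NOTE says the signature is created with a full name "which the user had set", and the first paragraph says Git has no way to validate names, the text should also say what ties a signature to one registered account rather than to the name string, so a reader verifying a commit knows what a successful check actually proves.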