When a commit is made, Git Winch automatically adds a signature into the Commit message. This signature can later be checked for authenticity. This is how to do it:

From the Log page, you MUST select the characters starting with { all the way to the closing } You would see a button 'Check Commit User' appearing on the top of the log page. Click that and it will let you know if that signature was forged or a correct one.

Why is a commit signature important?
One of the weak points in the Git system is that it can send any name and email address to the Git host when performing a Git Commit and thence push. It has been designed like that – Git has no way to validate such name and email addresses. We implemented this signature system to ensure that people do not forge anyone else's name into a commit. So ALL the commits that are pushed via Git Winch will invariably contain a signature. And that signature can be checked from within Git Winch by anyone.

Learn the concepts | Table of Contents