Github has just announced GPG signature verification, which helps verify that commits made in someone's name were indeed made by that person. It's long been a dirty secret of git that you can impersonate anyone with minimal effort, so GPG verification adds a nice layer of assurance. Now that I've gone through the hassle of setting up automatic commit signatures, here's how you can do it too.
Posts tagged git
There's a particular detail in the workings of the @git push@ command that's almost always elided in tutorials. It's one of those details where you don't often need to exercise your knowledge of it, but you occasionally need to know it exists. If you don't know you don't know it, you can end up in a frustratingly confusing state.
That's false! The syntax of the command is
git push <remote> <local-ref>:<remote-branch>. You can omit some of the keywords, and their values will be inferred in various ways. And in fact, it's extremely common to omit the
local-ref and colon, leaving the command looking the way tutorials claim it always looks.
When you use git at work and for personal projects, it's easy to mess up and make a commit using the wrong identity. You can end up with your work email attached to a commit for your personal work, or your personal email attached to your professional work. One solution is to simply isolate your code: only do your work programming on your work computer and only do your personal programming on your personal computer. That's not always practical, though. For example, you might find yourself wanting to do personal work while travelling with your work computer. In this post I'll show you how I manage that problem.