Mgngmxaeqofrcemdrm0n
SkillsCast

Git commit signing: Code we can trust?

12th February 2018 in London at CodeNode

There are 6 other SkillsCasts available from LRUG - February

If someone slips a hack into homebrew all of our machines could become vulnerable.

But what about our own code?

When we deploy to production, how do we know we can trust it?

What if someone pushes a hack to our github?

Will CI still push it to production?

It turns out Git has a cool feature that can help us trust the code we deploy. We'll discuss Git Commit Signing, how it can help us, and what downsides it may have.

Thanks to our sponsors

Git commit signing: Code we can trust?

Matthew Rudy Jacobs

Matthew has been coding since 2006 in London, Cambridge and Hong Kong. He founded the Hong Kong developer community Codeaholics, and organised Hong Kong Code Conf from 2014 to 2016.

SkillsCast

If someone slips a hack into homebrew all of our machines could become vulnerable.

But what about our own code?

When we deploy to production, how do we know we can trust it?

What if someone pushes a hack to our github?

Will CI still push it to production?

It turns out Git has a cool feature that can help us trust the code we deploy. We'll discuss Git Commit Signing, how it can help us, and what downsides it may have.

Thanks to our sponsors

About the Speaker

Git commit signing: Code we can trust?

Matthew Rudy Jacobs

Matthew has been coding since 2006 in London, Cambridge and Hong Kong. He founded the Hong Kong developer community Codeaholics, and organised Hong Kong Code Conf from 2014 to 2016.