If someone slips a hack into Homebrew, all of our machines could become vulnerable.
But what about our own code?
When we deploy to production, how do we know we can trust it?
What if someone pushes a hack to our GitHub?
Will CI still push it to production?
It turns out Git has a cool feature that can help us trust the code we deploy. We'll discuss Git commit signing, how it can help us, and what downsides it may have.
Git commit signing: Code we can trust?
Matthew has been coding since 2006 in London, Cambridge and Hong Kong. He founded the Hong Kong developer community Codeaholics, and organised Hong Kong Code Conf from 2014 to 2016.