The badge is also displayed if the commit was signed locally by a GPG key whose ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

semiquaver on Jan 23, 2024 | parent | context | favorite | on: Forging signed commits on GitHub

The badge is also displayed if the commit was signed locally by a GPG key whose public component is uploaded to GitHub by the the claimed author and committer.

the456gamer on Jan 29, 2024 [–]

Clicking on the badge shows a different message, however:

> This commit was signed with the committer's verified signature.

vs

> This commit was created on GitHub.com and signed with GitHub's verified signature.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact