Computer security in essence boils down to two things:
- Authentication: How can we prove who you are?
- Authorization: What access do you have?
Implementing secure systems often comes down to good habits. This
is one topic where the broken window theory tends to show its symptoms:
small hacks, laziness and lowered standards tend to propagate and
eventually cause the whole system to become an unmaintainable mess.
I absolutely recommend reading The Pragmatic Programmer for more on this.
Good crypto habits are a good thing. If you are to be trusted as an
administrator of a system, then you should have good crypto habits and take
computer security seriously.
Signing commits with GPG
GNU Privacy Guard, or GPG, is the underlying open source clockwork behind a lot
of crypto in the UNIX ecosystem. So let's use it to sign our commits. Here's the
First, let's create the key pair
And configure git and git(Hub/Lab)
The public key provided in the line of the first stage should be put in your
account on GitHub/GitLab/whatever.
Congrats, you should now be verified!
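
The three stages above, run end to end in a throwaway sandbox. This is an added example, not the post's original commands. The identity is constructed, and the key has no passphrase only so the demo runs unattended; a real key should have one.

```shell
#!/bin/sh
# Added example: sign and verify a commit without touching your real
# keyring or git config. Assumes GnuPG 2.1+ and git are installed.

DEMO_NAME="Demo Signer"                      # constructed identity
DEMO_EMAIL="demo.signer@example.invalid"     # constructed address

setup_sandbox() {
    SANDBOX=$(mktemp -d) || return 1
    export GNUPGHOME="$SANDBOX/gnupg"        # private keyring for the demo
    mkdir -m 700 "$GNUPGHOME" && mkdir "$SANDBOX/repo"
}

# Stage 1: create the key pair (signing-only, expires after one year).
create_key() {
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$DEMO_NAME <$DEMO_EMAIL>" ed25519 sign 1y || return 1
    # The fingerprint is field 10 of the first "fpr" record.
    KEY_FPR=$(gpg --batch --with-colons --list-secret-keys "$DEMO_EMAIL" |
        awk -F: '$1 == "fpr" { print $10; exit }')
    [ -n "$KEY_FPR" ]
}

# Stage 2: point git at the key (repo-local config) and sign every commit.
configure_git() {
    git -C "$SANDBOX/repo" init --quiet &&
    git -C "$SANDBOX/repo" config user.name "$DEMO_NAME" &&
    git -C "$SANDBOX/repo" config user.email "$DEMO_EMAIL" &&
    git -C "$SANDBOX/repo" config user.signingkey "$KEY_FPR" &&
    git -C "$SANDBOX/repo" config commit.gpgsign true
}

# Stage 3: the ASCII-armored public key is what goes into the hosting account.
export_public_key() {
    gpg --batch --armor --export "$KEY_FPR"
}

# Make a signed commit; return 0 only if its signature verifies.
sign_and_verify() {
    git -C "$SANDBOX/repo" commit --quiet --allow-empty -m "signed demo commit" &&
    git -C "$SANDBOX/repo" verify-commit HEAD 2>/dev/null
}

cleanup_sandbox() {
    gpgconf --kill gpg-agent 2>/dev/null     # stop the agent started for the demo
    rm -rf "$SANDBOX"
}
```

Call the functions in the order they are defined. On a real setup, drop the sandbox and use `git config --global` so the signing key applies to every repository.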