5Eyl
Do Git Commit signatures prevent repository modification?
Git commit signatures seems the signature signs the commit message, but I can't find much information on what the signatures actually solve, and don't understand the git architecture.
If I have a repository which began unsigned but moved to a signed model, can a malicious user with write access perform any of the following tasks without invalidating the latest signature:
- Modify data committed with a signed commit message
- Modify data prior to the first signed commit in a way that results in the latest commit being different (Eg modify a part of the code that signed commits do not touch, meaning they won't create any diffs which overwrite the maliciously modified component)
