• caglararli@hotmail.com
  • 05386281520

Do Git Commit signatures prevent repository modification?

Çağlar Arlı      -    22 Views

Do Git Commit signatures prevent repository modification?

Git commit signatures seems the signature signs the commit message, but I can't find much information on what the signatures actually solve, and don't understand the git architecture.

If I have a repository which began unsigned but moved to a signed model, can a malicious user with write access perform any of the following tasks without invalidating the latest signature:

  • Modify data committed with a signed commit message
  • Modify data prior to the first signed commit in a way that results in the latest commit being different (Eg modify a part of the code that signed commits do not touch, meaning they won't create any diffs which overwrite the maliciously modified component)