A discussion I have quit often is about the recommendation if companies should require all their developers to sign their commits locally or not. Here is my perspective on that matter. Background Git is very powerful and gives you the possibility to alter existing commits. But this also means, that the author of a commit is not necessarily the one that is committing the code. A commit has two fields: author and committer. Both fields get set to the values of user.name and user.email from git config plus a timestamp. If you rebase, for example, the committer changes to the … Continue reading Should you require all developers to sign all local commits?
My sessions and workshops at the NDC Porto 2022. You can find the links to the slides in this post. Continue reading Speaking at NDC Porto
Today I received an alert mail from GitHub Dependabot. One of my demo projects on GitHub has a dependency on bootstrap. Here is what the mail looks like: It seems my project has a dependency on a version of bootstrap … Continue reading There is a security issue, and here is how to fix it!