DEV Community

Discussion on: How I got Linus Torvalds in my contributors on GitHub

Collapse
paramsiddharth profile image
Param Siddharth

Hmmm… Yes, no verified label in the contributors' list. But there will definitely be an unverified label in the commits if the person who is being impersonated has turned on vigilant mode. Also, in any legal processing, such commits would be deemed untrusted, because they won't be signed by the private key of the actual person.

That's why I recommend signing all commits.

Thread Thread
darkwiiplayer profile image
𒊩Wii 💖💛💚💙💜💝💟

What's more, it's why you should require contributors to sign any commit that's of actual legal interest, aka. any non-trivial contribution to an open source repository, so you can prove they willingly submitted their code to the repository knowing the license as well as having someone to blame if it turns out they stole the code :D