> Git records the committer as well as the author, so even though a simple 'git log' shows only the author (which you can set with 'git commit --author', which is very useful when you want to apply an external patch from somebody), you can show both the committer and the author with e.g. git log --format <something>.
It’s all just data. Even if git didn’t offer the ability to edit all of these
Anyway, even if git itself did not provide the tools to set this information on a per-commit basis you could still of course change your ~/.gitconfig and adjust your system clock time prior to committing. Or you could edit the commit data using a third-party tool that you yourself or someone else created. Like I said, it’s all just data.
Just because a file says something doesn’t mean that what it is saying is true, basically. Same goes for a piece of software.
And signing provides limited value as well, though useful to some. But for example you still wouldn’t know that the date information was correct even if the commit was signed.
Personally though I prefer to just commit things when I do them and push them immediately. And I don’t sign my commits but I would be willing to do so if there was any reason to — for example if it was the policy of a company I worked for that we do so.
Suppose someone checks some malicious code into the repo. Without signed commits it can be very difficult to determine or prove who was responsible. That ability to audit is important to most companies, and should be important to most popular open source projects as well.
It’s all just data. Even if git didn’t offer the ability to edit all of these
- Author
- Committer
- Author date
- Commit date
Which by the way it does allow of course, as it should. See for example git commit-tree. https://git-scm.com/docs/git-commit-tree
Anyway, even if git itself did not provide the tools to set this information on a per-commit basis you could still of course change your ~/.gitconfig and adjust your system clock time prior to committing. Or you could edit the commit data using a third-party tool that you yourself or someone else created. Like I said, it’s all just data.
Just because a file says something doesn’t mean that what it is saying is true, basically. Same goes for a piece of software.
And signing provides limited value as well, though useful to some. But for example you still wouldn’t know that the date information was correct even if the commit was signed.
Personally though I prefer to just commit things when I do them and push them immediately. And I don’t sign my commits but I would be willing to do so if there was any reason to — for example if it was the policy of a company I worked for that we do so.