Sequoia git: Making Signed Commits Matter

Name: Sequoia git: Making Signed Commits Matter
Start: 2026-01-31T12:00:00
End: 2026-01-31T12:00:00
Location: UB5.132

UB5.132 | Day 1 | 12:00 - 12:25 | Speakers: Neal H. Walfield

Copy link

Copy link

Open in browser

Notes

Abstract

It is widely considered good practice to sign commits. But leveraging those signatures is hard. Sequoia git is a system to authenticate changes to a VCS repository. A project embeds a signing policy in their git repository, which says who is allowed to add commits, make releases, and modify the policy. sq-git log can then authenticate a range of commits using the embedded policy. Sequoia git distinguishes itself from projects like sigstore in that all of the information required to authenticate commits is available locally, and no third-party authorities are required. In this talk, I'll present sequoia git's design, explain how it enforces a policy, and how to use it in your project.

Attachments

Slides

Speakers

Neal H. Walfield

Neal H. Walfield an experienced programmer, and an aspiring manager. He cares a lot about human rights, and tries to be kind.

In 2017, Neal co-founded the Sequoia PGP project with Justus Winter and Kai Michaelis. Prior to working on Sequoia PGP, he worked for Werner Koch at g10code on GnuPG. Before that he wrote his PhD thesis on privacy on mobile phones. During his time at university, he spent a lot of time writing Free Software. His primary was project was the Hurd.

When not working, Neal spends as much time as possible with his family. He enjoys reading, baking, and roller coasters.

External Links

Notice: The placeholder video image is licensed under CC BY-SA 4.0. The original image can be found hereChanges made to the image are: Cropped the image to a new ratio, part of the image was cut off.