It'd be nice if GitHub had better support for rewriting history as part of a PR review process, even something really basic like squashing groups of commits.
One thing that the cryptocurrency people got right is that the hardware wallets have little screens on them so that you can confirm what you're actually signing on the trusted device, not the untrusted one.
It's hard to do this for more complex cases than showing a receive address, transaction amount and fee amount.
Trezor has on-screen confirmation for SSH and GPG too but all that's being confirmed is the signing identity. It also shows the site identity on-screen for U2F/FIDO2.