Signature-policy analysis: an unsigned commit in an otherwise-signed history.
When a repository’s reachable history is predominantly signed, the absence of a signature on a particular commit is a break in the prevailing signing policy — consistent with a commit injected or forged outside the normal signed workflow. It is a lead an examiner follows, never a verdict: a developer may simply have forgotten to sign.
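The check described above, as an added example that is not this crate's code: `CommitInfo`, `Finding`, `audit`, `sample_history` and the 0.9 "predominantly signed" threshold are assumptions chosen for illustration, and the commit ids are constructed. It shows why an unsigned commit is only reported when signing is the prevailing practice.

```rust
// Added illustration: all names and the threshold are assumptions, not this crate's API.
#[derive(Debug, Clone, PartialEq)]
pub struct CommitInfo {
    pub id: String,   // constructed short id, not a real hash
    pub signed: bool, // a signature is present (validity is not checked here)
}

#[derive(Debug, PartialEq)]
pub enum Finding {
    /// Nothing to audit, or every commit is signed.
    Clean,
    /// Signing is not the prevailing practice, so a missing signature is not a lead.
    NoPrevailingPolicy { signed_ratio: f64 },
    /// History is predominantly signed; these commits break the pattern.
    UnsignedInSignedHistory { signed_ratio: f64, unsigned: Vec<String> },
}

/// Pure check: no repository access, just the per-commit facts.
pub fn audit(commits: &[CommitInfo], min_signed_ratio: f64) -> Finding {
    let unsigned: Vec<String> = commits
        .iter()
        .filter(|c| !c.signed)
        .map(|c| c.id.clone())
        .collect();
    if unsigned.is_empty() {
        return Finding::Clean; // also covers the empty history
    }
    let signed_ratio = (commits.len() - unsigned.len()) as f64 / commits.len() as f64;
    if signed_ratio >= min_signed_ratio {
        Finding::UnsignedInSignedHistory { signed_ratio, unsigned }
    } else {
        Finding::NoPrevailingPolicy { signed_ratio }
    }
}

/// Constructed sample: 20 commits, only c13 lacks a signature.
pub fn sample_history() -> Vec<CommitInfo> {
    (1..=20)
        .map(|i| CommitInfo { id: format!("c{:02}", i), signed: i != 13 })
        .collect()
}

fn main() {
    println!("{:?}", audit(&sample_history(), 0.9));
}
```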
Enums
- `SignatureAnomaly` - A signing-policy anomaly observed across a set of commits.
Functions
- `audit_signatures` - Audit a set of commits for the unsigned-in-signed-history anomaly (pure).
- `audit_signatures_repo` - Walk every commit reachable from `from` (first-parent) and audit their signatures for the unsigned-in-signed-history anomaly.