mirror of https://codeberg.org/CRXN/docs.git
19 lines
1.1 KiB
Markdown
19 lines
1.1 KiB
Markdown
|
|
||
|
|
# Security in Git
|
||
|
|
|
||
|
|
Our entitydb is on codeberg.org, a free Git server based on Gitea.
|
||
|
|
|
||
|
|
## Two-factor authentication
|
||
|
|
Two-factor authentication requires entering a one-time code or using a physical security key in addition to the password when logging into Codeberg. If the password is compressed, an attacker cannot log in to the account.
|
||
|
|
- [Setting up two-factor authentication](https://docs.codeberg.org/security/2fa/)
|
||
|
|
- [Free authenticator apps on F-Droid](https://search.f-droid.org/?q=totp)
|
||
|
|
|
||
|
|
## Integrity of the connection to Codeberg
|
||
|
|
When connecting to Codeberg, an SSH connection is often used. To prevent MITM attacks, you can verify the SSH fingerprint.
|
||
|
|
- [Verifying you're connected to Codeberg using SSH fingerprints](https://docs.codeberg.org/security/ssh-fingerprint/)
|
||
|
|
|
||
|
|
## Sign the commits
|
||
|
|
To verify the authenticity and integrity of commits, it is recommended to sign them with GPG.
|
||
|
|
- [Signing Your Work](https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work)
|
||
|
|
- [Signing commits](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits)
|