add small security tutorial for git

Signed-off-by: Marek Küthe <m.k@mk16.de>

docs/entitydb/format-rules.md

@@ -30,7 +30,7 @@ The edb repository currently contains two different scripts:
 | `test.sh` | Tests the JSON files for validity |
 | `build_maxlen_filter.sh` | Builds a bird-compatible filter list |
 
-## Do I need to sqash my commits before setting a PR?
+## Do I need to squash my commits before setting a PR?
 Yes and No. Changes to files should be traceable. Therefore, a commit is recommended for every change. However, we also want to avoid more than 30 commits for one file in one PR. Therefore, if there are still mistakes in the initial registration, it would be nice to keep the number of commits within limits.
 
 With the following commands you can squash two commits to one:

docs/entitydb/security_in_git.md

@@ -0,0 +1,18 @@
+
+# Security in Git
+
+Our entitydb is on codeberg.org, a free Git server based on Gitea.
+
+## Two-factor authentication
+Two-factor authentication requires entering a one-time code or using a physical security key in addition to the password when logging into Codeberg. If the password is compressed, an attacker cannot log in to the account.
+- [Setting up two-factor authentication](https://docs.codeberg.org/security/2fa/)
+- [Free authenticator apps on F-Droid](https://search.f-droid.org/?q=totp)
+
+## Integrity of the connection to Codeberg
+When connecting to Codeberg, an SSH connection is often used. To prevent MITM attacks, you can verify the SSH fingerprint.
+- [Verifying you're connected to Codeberg using SSH fingerprints](https://docs.codeberg.org/security/ssh-fingerprint/)
+
+## Sign the commits
+To verify the authenticity and integrity of commits, it is recommended to sign them with GPG.
+- [Signing Your Work](https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work)
+- [Signing commits](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits)