4 links tagged with all of: git + security
Links
Commit Stomping is a technique used to manipulate Git commit timestamps, misleading observers about when changes were made. This method can obscure the true timeline of code changes, complicating audits and incident investigations, and poses significant risks in software supply chain security. The article discusses how to execute this technique, its implications, and strategies for detection and prevention.
A comprehensive guide for creating Debian packages in 2025 using Git, emphasizing the importance of preserving upstream Git history for improved software provenance and supply-chain security. The article details an optimal workflow for packaging, including using Git for version control, following DEP-14 conventions, and leveraging Salsa for CI and peer reviews, illustrated through the example of packaging the Entr command-line tool.
Sketchy is a cross-platform security scanner designed to identify potential risks in GitHub repositories, packages, or scripts before installation. It highlights various security concerns, including code execution patterns and credential theft, helping users avoid malicious software. The tool is open-source and encourages users to audit its code and report any malware findings.
The article explores the benefits and considerations of hosting personal Git repositories, discussing various hosting solutions and the implications for developers. It highlights the importance of control over one's code and the potential challenges of self-hosting. Additionally, it touches on security and backup strategies to ensure data integrity.