Introduction

Sequoia git is a system to authenticate changes to a VCS repository. A project embeds a signing policy in their git repository, which says who is allowed to add commits, make releases, and modify the policy. sq-git log can then authenticate a range of commits using the embedded policy.

Sequoia git distinguishes itself from projects like sigstore in that all of the information required to authenticate commits is available locally, and no third-party authorities are required.

Sequoia git is part of the Sequoia PGP project.

Documentation

• User manual
• Man pages
• Specification
• Internal API

Code

• GitLab project
• GitHub Action for checking commits from CI