[RFC] Exploring Trust and Provenance in Git: The Open Integrity Project

Git developers,

Today marks Git's 20th anniversary—a remarkable milestone for a tool
that has become foundational to software development worldwide. First,
thank you. Git’s distributed model, flexibility, and robustness have
made it an essential pillar of modern open-source infrastructure.

As someone focused on digital trust architectures (I'm co-author of
the IETF TLS & W3C DID standards), I've been thinking deeply about how
trust is conveyed (or not) in Git repositories, especially over
long-lived, collaborative projects.

Over the past year, I've been developing a proof-of-concept called the
Open Integrity Project, which aims to layer trust and provenance on
top of Git, without altering its internals or requiring new binaries.
It uses a pattern of inception commits (to cryptographically assert
original control) and trust transition commits (to document changes in
maintainership or key rotation).

It builds directly on Git's existing capabilities, particularly commit
signing and SSH-based authentication, but adds some basic structure
for reasoning about ownership and accountability over time. All of
this is done through shell scripts and Git aliases—no new binaries,
patches, or daemons.

Some highlights:

• Musings on the concept:
https://www.blockchaincommons.com/musings/open-integrity/

• Problem statement:
https://github.com/OpenIntegrityProject/core/blob/main/docs/Open_Integrity_Problem_Statement.md

• GitHub repo (PoC implementation):
https://github.com/OpenIntegrityProject/core

• Example inception commit:
https://github.com/OpenIntegrityProject/core/commit/69c8659959f1a6aa281bdc1b8653b381e741b3f6

I’m sharing this here not as a proposal for upstream changes, but as
an open invitation:

• If you think the problem space is worth discussing, I’d welcome any
feedback, either on this list or in our new GitHub discussions area:
https://github.com/orgs/OpenIntegrityProject/discussions
• If you have thoughts on how Git’s existing tooling could better
support trust workflows (even non-normatively), I’d love to hear them.
    - In particular, I've not made any decisions yet on the best
technique to preserve the git-author SSH signatures when a branch is
merged and then the branch is deleted.
• And if this overlaps with any ongoing or past discussions I should
be aware of, I’d appreciate a pointer.

Thank you again for maintaining and evolving Git with such care over
the years. I hope Open Integrity is seen as a complementary experiment
in responsible stewardship of our shared infrastructure.

Warm regards,

Christopher Allen
Principal Architect, Blockchain Commons
https://github.com/ChristopherA
https://www.blockchaincommons.com
