Riaan Burger from Burtronix spoke on Git workflow and security.
Thanks to him and Amazee for their sponsorship :-)
Riaan's slides are available here: http://slides.com/riaan-burger/a-secure-git-development-work-flow
PGP, GPG, GNU.
Trusted communications.
Signing commits.
GPG
Trusted Identity
Biglumber and keybase.io
Keeping a master key and then a revocation key offsite.
Routes all traffic through Tor - can’t be profiled that easily.
Setting the right cipher for certificates and keys
Use-agent to cache password so you don’t have to enter it each time.
Scm_breeze gives you a bunch of shortcuts
Scmpuff rewritten in Go to do the basics of scm_breeze (that's what they use).
Provides git aliases in the terminal
Then my notes that I posted in the Slack channel regarding Git's --no-ff flag:
For those not in the Slack channel, here's a simple explanation of Git's --no-ff flag when merging: http://dev.bizo.com/2014/02/why...
Then check the graphic and paragraph here: http://nvie.com/posts/a-success... - essentially it just makes it easier to identify a specific feature that has been merged into a branch and allows for easier rolling back or reverting of the feature. So it maintains branch history if the ancestor from which the branch was made hasn't changed since the branch was created.