Feature/lab2

.github/pull_request_template.md

@@ -0,0 +1,13 @@
+## Goal
+<!-- What does this PR accomplish? 1 sentence. -->
+
+## Changes
+- 
+
+## Testing
+<!-- How did you verify it? -->
+
+## Checklist
+- [ ] Title is a clear sentence (≤ 70 chars)
+- [ ] Commits are signed (`git log --show-signature`)
+- [ ] `submissions/labN.md` updated

submissions/lab1.md

@@ -0,0 +1,35 @@
+# Lab 1 submission
+
+## Task 1: SSH Commit Signing & First Signed Commit
+
+### `curl` output
+
+![curl output](src/lab01_curl.png)
+
+### `git log` output
+
+![git log output](src/lab01_sign.png)
+
+### Verification output
+
+![verification output](src/lab01_verified.png)
+
+### *why signed commits matter*
+
+Signing a commit cryptographically ties it to an identity, so a reviewer can check that a change really came from the person it claims to, not from someone who just set user.name and user.email to impersonate them. Git makes this easy to fake.
+By default, anyone can author a commit. Looking at the xz-utils backdoor: an attacker using the name "Jia Tan" spent months building maintainer trust, then buried a backdoor in a compression library that ships in most Linux distros.
+Require signing, keep a record of who signed what, and an unexpected or unverifiable commit sticks out instead of blending into the history. That alone won't stop a determined attacker, but it raises the cost.
+
+## Task 2: Pull Request Template & First PR
+
+![PR Template](src/lab01_PR_template.png)
+
+## Task 3: GitHub Community Engagement
+
+- **Why starring repositories matters in open source:**
+
+    Starring is both a bookmark and a signal: it saves a project to your profile for later and publicly endorses it, and aggregate star counts act as a rough trust/popularity signal that helps others discover worthwhile tools and motivates maintainers who mostly work for free.
+
+- **How following developers helps in team projects and professional growth:**
+
+    Following developers turns GitHub into a feed of what your teammates and the wider community are building, you see their new projects and activity, which makes it easier to coordinate on team work, learn from how others structure code, and build the professional network that carries past a single course.

submissions/lab2.md

@@ -0,0 +1,66 @@
+# Lab 2 submission
+
+## Task 1: Git Object Model + Reflog Recovery
+
+### 1.1: Explore your repo's plumbing
+
+- **`HEAD`:**
+
+    ![head](src/lab02_head.png)
+
+- **tree:**
+
+    ![tree](src/lab02_tree.png)
+
+- **blob:**
+
+    ![blob](src/lab02_blob.png)
+
+- **file contents:**
+
+    ![file contents](src/lab02_file.png)
+
+### 1.2 Inside `.git/`
+
+### 1.2 — .git/ interpretation
+
+- `cat .git/HEAD` → `ref: refs/heads/feature/lab1`: it stores the current branch name, not a commit SHA.
+- `ls .git/refs/heads/` → `feature  main`: `feature` is a directory, not a branch. Slashes in branch names (`feature/lab1`, `feature/lab2`) become real folders, so a branch is just a file holding a commit SHA.
+- `.git/objects/`: loose objects sharded into dirs by the first 2 chars of their SHA. 
+- `find .git/objects -type f | wc -l` counted 34 files
+
+    ![git folder](src/lab02_git_folder.png)
+
+### 1.3: Simulate disaster + recover
+
+- **`git reflog` output:**
+
+    ![reflog](src/lab02_reflog.png)
+
+- **`git reset --hard` output:**
+
+    ![reset](src/lab02_reset.png)
+
+- ***what would happen if git gc had run between the bad reset and your recovery?***
+
+    `git gc` prunes unreachable objects, but it respects the reflog and a grace period: by default it only prunes objects older than two weeks and keeps reflog entries for 90 days. Because the reflog still referenced my two commits, an ordinary git gc would not have deleted them, they were seconds old and still reachable via the reflog. The real danger is an aggressive prune that ignores the grace window — `git gc --prune=now` or `git reflog expire --expire=now --all` followed by `git prune` which removes unreachable objects immediately, if that had run, the commits would be unrecoverable.
+
+## Task 2: Tag a Release & Rebase a Feature
+
+### 2.1: Signed release tag
+
+![release tag verification](src/lab02_tags_verification.png)
+
+![release tag verification remote](src/lab02_tags_verification2.png)
+
+### 2.2: Rebase
+
+- **`git log --oneline` output:**
+
+    ![rebase log before](src/lab02_before_rebase.png)
+
+    ![rebase log after](src/lab02_after_rebase.png)
+
+- ***When you'd choose merge vs rebase?***
+
+    We can use rebase for personal projects or when having a linear history is a priority, but for large teams with many contributors, merge is safer to avoid the risk of losing commits or causing confusion by rewriting history.