Laptop with an integrated development environment, showing a file written in the PHP programming language. (PXHERE, CC0, via Wikimedia Commons) A researcher said Wednesday that two malicious commits that were added to the PHP web development programming language’s official Git server earlier this week may have been prevented if the maintainers had enabled signed commits (encryption) on the server. For those unschooled in the language of programming, a commit in the Git world is when a source code repository gets refreshed. Malicious commits happen when malicious code gets placed into the refresh. When a programmer cryptographically signs a commit, itâs known as a signed commit.