cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daan Hoogland <daan.hoogl...@gmail.com>
Subject Re: GPG signing commits on Github
Date Wed, 06 Apr 2016 08:50:40 GMT
Good reading for the Wednesday morning;) yes I think we need to go there
and maybe even ask it of our contributors.

On Wed, Apr 6, 2016 at 9:28 AM, Wido den Hollander <wido@widodh.nl> wrote:

> Hi,
>
> Github just added [0] support for verifying GPG signatures of Git commits
> to the
> web interface.
>
> Under the settings page [1] you can now add your public GPG key so Github
> can
> verify it.
>
> It's rather simple:
>
> $ gpg --armor --export wido@widodh.nl
>
> That gave me my public key which I could export.
>
> Git already supports signing [2] commits with your key.
>
> This makes me wonder, is this something we want to enforce? To me it seems
> like
> a good thing to have.
>
> Wido
>
> [0]: https://github.com/blog/2144-gpg-signature-verification
> [1]: https://github.com/settings/keys
> [2]: https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work
>



-- 
Daan

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message