openwhisk-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bertrand Delacretaz <>
Subject Re: should we enable signed commits on our github repos?
Date Thu, 12 Jul 2018 14:25:08 GMT

On Tue, Jul 10, 2018 at 6:23 PM Rodric Rabbah <> wrote:
> ...working with @vincent to
> publish his key to avoid this:
>    gpg: WARNING: This key is not certified with a trusted signature!
>    gpg:          There is no indication that the signature belongs to the
> owner....

I'm not sure if this is related to GitHub, AFAIK what's happening is
that Vincent's GPG key is not signed by other people in a way that
creates a chain of signatures to your own key.

We usually have key signing events at Apache conferences, see and
the following sections.


View raw message