DanPristupov
commented
5 years ago Where the public keys are stored? Do you have the public keys of all the repository contributors on your computer?
Open mojotx opened 5 years ago
DanPristupov
commented
5 years ago Where the public keys are stored? Do you have the public keys of all the repository contributors on your computer?
nros
commented
3 years ago If you import the public keys of the contributors, they are available in your GPG key ring. On my Mac they are stored in file ~/.gnupg/pubring.kbx. The GPG utility finds them automatically.
Wouldn't it be good to add your public key to the repostory as .asc file, so that everybody would be able to check your signatures? I haven't thought about it yet, but I think, it would be wise to do so.
However, if a team manages to organise the exchange of the keys, then it will work out perfectly.
ian-twilightcoder
commented
1 year ago Even if Fork couldn't verify the signature, it would be great if it had a field in the commit details to indicate the signature was present. Even better if you could view the signature.
sirambd
commented
11 months ago I've been using fork for years now, and the problem is that sometimes my gpg key is deselected after updates, and it's only after creating a PR that I realise this.
The git log --show-signature command displays the commits with the signature keys. Wouldn't it be possible to have a similar display in fork?
Also to see about the problem of the key being deselected after updates.
What do you think ?
ian-twilightcoder
commented
7 months ago @DanPristupov any update on this one? Signed commits are getting quite a bit more prevalent, with GitHub having support for them now.
If someone has signed a commit with a PGP/GPG signature, it would be nice if Fork would show the fact that the commit was signed.
https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work