You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently there's no support for PGP because of how difficult it was to install the correct GPG tools. I figured that SSH would be good enough for v1 but I think it would be good to set this up for PGP as well.
Problem to fix:
Figure out the correct dependencies Git needs under the hood to run verify-commit in order to know what to install. I would think it's in the source around where that command is invoked. The error messages also are helpful if you try and run it when the right tools aren't installed.
On top of the above, figure out the order of operations to verify commits. Do PGP commits fail first then SSH signed commits? There should probably be a configuration that checks one over the other depending on the existence of some value or thing.
Lastly, the missing piece is knowing what to store for PGP keys in order to get things working. When I experimented with this, I found that the Git config file stores the necessary PGP and SSH key. But when it comes to checking, the Authorized Keys file is what gets used to verify SSH signed commits.
The text was updated successfully, but these errors were encountered:
Currently there's no support for PGP because of how difficult it was to install the correct GPG tools. I figured that SSH would be good enough for v1 but I think it would be good to set this up for PGP as well.
Problem to fix:
Figure out the correct dependencies Git needs under the hood to run verify-commit in order to know what to install. I would think it's in the source around where that command is invoked. The error messages also are helpful if you try and run it when the right tools aren't installed.
On top of the above, figure out the order of operations to verify commits. Do PGP commits fail first then SSH signed commits? There should probably be a configuration that checks one over the other depending on the existence of some value or thing.
Lastly, the missing piece is knowing what to store for PGP keys in order to get things working. When I experimented with this, I found that the Git config file stores the necessary PGP and SSH key. But when it comes to checking, the Authorized Keys file is what gets used to verify SSH signed commits.
The text was updated successfully, but these errors were encountered: