[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Should commit signing always be required for local work? [was Re: bu
|
From: |
Vagrant Cascadian |
|
Subject: |
Re: Should commit signing always be required for local work? [was Re: bug#63261: Recent changes to git config cause errors for non-committers] |
|
Date: |
Wed, 24 May 2023 14:00:36 -0700 |
On 2023-05-19, Simon Tournier wrote:
> On ven., 19 mai 2023 at 11:34, Josselin Poiret <dev@jpoiret.xyz> wrote:
>> I'm curious Leo, in general (not Guix because we have a pre-push hook),
>> how do you make sure you always publish signed commits? I don't want to
>> put unsigned commits anywhere except locally, but it feels like I might
>> just forget to sign them before pushing.
>
> Well, I am not Leo. :-) Maybe I misunderstand your question but usually
> my file ~/.gitconfig contains my default; say always sign. Then
> locally, for some project [1], I set other options with the local file
> .git/config of the repository.
>
> And for the ones I do not want to sign locally but I will push signed, I
> have pre-push hooks. Note, in practise, I do not have such
> configuration. :-)
This is basically a show-stopper for me working on guix right now. I
intentionally do not have access to my openpgp key on Guix System
machines. This completely breaks my workflow.
Neither changing ~/.gitconfig not .git/config in the working repository
seems to work around this.
I think the case can be made that not requiring signatures will actually
prevent unintentional changes from getting pushed to the archive, as the
server-side hooks will prevent unsigned changes from landing in the
repository... this is why I prefer to leave my local work-in-progress
changes unsigned. I only sign things I am confident I might want to
push.
Please revert ASAP.
live well,
vagrant
signature.asc
Description: PGP signature