You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Where -S in the command causes the commit to get signed with my private key. When I push the changes to GitHub, GitHub verifies the signature against my public key that I uploaded to them previously. They even put a little button that says Verified next to each commit that I signed.
I'd like for commits made from my GitPod to somehow be signed as well. I can think of two options at the moment:
Invent a process where git commit -S outputs the string to be signed and waits for the user to copy that string locally, use GPG to sign it with her private key and then copy the signed output back into the GitPod command line that was waiting for it. This option may not be possible without coding some new commit signing handler.
Maybe GitPod could sign the commit similar to how GitHub signs commits when editing a file using their Web interface.
Here's a little more information related to option 2:
According to this page Managing commit signature verificationGitHub will automatically sign commits you make using the GitHub web interface.
The text was updated successfully, but these errors were encountered:
In my opinion, option 1 seems to be rather complicated and cumbersome. Option 2 is not possible unless (a) Gitpod has your private GPG key or (b) generates a private GPG key whose public key you need to add to GitHub. In both cases Gitpod have to manage the secure storage of the private key of the users.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
When I develop at my desktop I regularly use:
Where
-S
in the command causes the commit to get signed with my private key. When I push the changes to GitHub, GitHub verifies the signature against my public key that I uploaded to them previously. They even put a little button that says Verified next to each commit that I signed.I'd like for commits made from my GitPod to somehow be signed as well. I can think of two options at the moment:
git commit -S
outputs the string to be signed and waits for the user to copy that string locally, use GPG to sign it with her private key and then copy the signed output back into the GitPod command line that was waiting for it. This option may not be possible without coding some new commit signing handler.Here's a little more information related to option 2:
According to this page Managing commit signature verification GitHub will automatically sign commits you make using the GitHub web interface.
The text was updated successfully, but these errors were encountered: