• 0x0@lemmy.zip
    11 days ago

    Wouldn’t that mean you’d have to share your public key anyway?
    I have the same repos in multiple VMs, keeping tabs of that key would be… interesting, considering I often use passwordless-logins across the board.

    • Xanza@lemm.ee
      11 days ago

      Wouldn’t that mean you’d have to share your public key anyway?

      Public keys aren’t meant to be private. The function is literally in the name… But no, you don’t necessarily have to share your public key, but for someone to verify that a specific public key was used to sign a commit, the public key is required. So there’s absolutely no reason to sign your commits if you intend on keeping your public key private… It completely defeats the entire purpose…

      • 0x0@lemmy.zip
        11 days ago

        Thanks, I know what “public” means.
        I don’t see “not usually installed on your system” as a strong enough disadvantage to PGP for this use case.