Simon Josefsson <si...@josefsson.org> writes:

> I think that if I hadn't used the codeberg web interface to approve the
> merge request, but instead pulled it locally and merged it myself, I
> could have used some git command and parameter that would result in the
> git commit identity pointing to me instead. We can try this with the
> next merge request that comes along. So maybe this is a pragmatic way
> forward. I'm not sure about git signatures here though. What if Collin
> PGP/SSH signed the commit, would it be visible in this scenario, or
> would my PGP/SSH signature be used instead? I think local git merge is
> the only way to get my PGP/SSH git commit signature applied, I'm not
> aware of any way for codeberg's web interface to sign the commit on my
> behalf.

I'm not too sure how it works on Codeberg. But GitHub uses its own signing key for merged commits. You can see this in a commit I did at a repository for work [1]. If you click "Verified" it says "This commit was created on GitHub.com and signed with GitHub's verified signature."

I assume if I had signed the commit that was used to submit the pull request, it would show on the pull request interface (once merging it would still likely use the GitHub.com signing key). But I do not have that set up.

Collin

[1] https://github.com/redis/librdb/commit/347e9e11b5b89f2c04d7f0539814aa0c3908ad3f
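
The question of whose signature ends up on a locally merged commit comes down to how git stores signatures inside commit objects. The sketch below is an added example, not code from either poster or from git: it builds commit objects by hand to show that a true merge commit carries the merger's signature while referencing the contributor's signed commit unchanged, whereas a rewritten (rebased or squashed) commit no longer matches the bytes the contributor signed. Identities and signature bodies are constructed placeholders, and nothing here describes what Codeberg's web interface does.

```python
import hashlib

# Constructed sample data: identities and signature bodies are placeholders.
TREE = b"4b825dc642cb6eb9a060e54bf8d69288fbee4904"  # git's empty tree
CONTRIB = b"Contributor <contributor@example.org> 1700000000 +0000"
MAINT = b"Maintainer <maintainer@example.org> 1700000600 +0000"
SIG_C = b"-----BEGIN SSH SIGNATURE-----\nCONSTRUCTED-CONTRIBUTOR\n-----END SSH SIGNATURE-----"
SIG_M = b"-----BEGIN SSH SIGNATURE-----\nCONSTRUCTED-MAINTAINER\n-----END SSH SIGNATURE-----"

def commit_id(raw: bytes) -> bytes:
    # Git object id: SHA-1 over "commit <size>\0" followed by the raw commit.
    return hashlib.sha1(b"commit %d\x00" % len(raw) + raw).hexdigest().encode()

def build(parents, author, committer, message, sig=None):
    # Serialize a commit; the signature sits in a "gpgsig" header whose
    # continuation lines are indented by one space.
    lines = [b"tree " + TREE] + [b"parent " + p for p in parents]
    lines += [b"author " + author, b"committer " + committer]
    if sig:
        lines.append(b"gpgsig " + sig.replace(b"\n", b"\n "))
    return b"\n".join(lines) + b"\n\n" + message

def split_signature(raw: bytes):
    # Return (signed payload, signature or None). The payload a signature
    # covers is the commit object with the gpgsig header removed.
    head, sep, message = raw.partition(b"\n\n")
    kept, sig, in_sig = [], [], False
    for line in head.split(b"\n"):
        if line.startswith(b"gpgsig "):
            in_sig = True
            sig.append(line[7:])
        elif in_sig and line.startswith(b" "):
            sig.append(line[1:])
        else:
            in_sig = False
            kept.append(line)
    return b"\n".join(kept) + sep + message, (b"\n".join(sig) or None)

def parents(raw: bytes):
    head = raw.partition(b"\n\n")[0]
    return [l[7:] for l in head.split(b"\n") if l.startswith(b"parent ")]

base = build([], MAINT, MAINT, b"base\n")
pr = build([commit_id(base)], CONTRIB, CONTRIB, b"fix typo\n", SIG_C)
# True merge: a new commit signed by the merger that points at pr by its id.
merge = build([commit_id(base), commit_id(pr)], MAINT, MAINT, b"Merge 'fix'\n", SIG_M)
# Rebase or squash: a new object with a new committer; the old signature
# covered different bytes, so it cannot be carried over.
rewritten = build([commit_id(base)], CONTRIB, MAINT, b"fix typo\n")
```
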