Peter, If you have specific issues setting it up, I’m happy to help debug. I haven’t done it recently but am willing to investigate with you.
Andy LoPresto [email protected] [email protected] PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > On Jun 11, 2019, at 12:55 PM, Bryan Bende <[email protected]> wrote: > > I will admit I've never setup GPG signing on Linux. I'm sure there are > some additional challenges there. > > Not sure if it is helpful, but there are a few things related to Linux > that are mentioned on this Github page: > > https://help.github.com/en/articles/telling-git-about-your-signing-key > > > On Tue, Jun 11, 2019 at 3:45 PM Kevin Doran <[email protected]> wrote: >> >> Yep, I support these suggestions. >> >> Setting up GPG does have a learning curve for folks that haven't done >> it before, but I think our community would be helpful in assisting >> folks on the mailing list and Apache NiFi Slack where they run into >> trouble. It's a good practice to learn and once setup there's not much >> more to do to get the benefits of it. >> >> Setting up GPG is also required when acting as release manager in >> order to sign convenience binaries (and soon, as Andy brought up, >> maven release artifacts as well - I think that is also a good idea), >> so the effort required to get setup for GPG has lots of benefits for >> folks that are interested in RM'ing as well. >> >> Kevin >> >> On Tue, Jun 11, 2019 at 3:30 PM Peter Wicks (pwicks) <[email protected]> >> wrote: >>> >>> I like having signed commits. I develop on both Windows and Linux, but have >>> only had success getting signing working on Windows (which was a bit >>> complicated as it was). You can see when I switched from mostly Windows to >>> mostly Linux by when I stopped signing commits... >>> >>> Thanks, >>> Peter >>> >>> -----Original Message----- >>> From: Andy LoPresto <[email protected]> >>> Sent: Tuesday, June 11, 2019 1:25 PM >>> To: [email protected] >>> Subject: [EXT] Re: GitHub Stuff >>> >>> I strongly support both of these suggestions. Thanks for starting the >>> conversation Bryan. GPG signing is very important for security and for >>> encouraging the rest of the community to adopt these practices as well. >>> >>> >>> Andy LoPresto >>> [email protected] >>> [email protected] >>> PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 >>> >>>> On Jun 11, 2019, at 11:42 AM, Bryan Bende <[email protected]> wrote: >>>> >>>> I had two thoughts related to our GitHub usage that I wanted to throw >>>> out there for PMC members and committers... >>>> >>>> 1) I think it would be helpful if everyone setup the link between >>>> their Apache id and github [1]. Setting up this link puts you into the >>>> nifi-committers group in Apache (currently 17 of us are in there), and >>>> I believe this is what controls the list of users that can be selected >>>> as a reviewer on a pull request. Since PRs are the primary form of >>>> contribution, it would be nice if all of the PMC/committers were in >>>> the reviewer list, but of course you can continue to commit against >>>> Gitbox without doing this. >>>> >>>> 2) I also think it would be nice if most of the commits in the repo >>>> were signed commits that show up as "Verified" in GitHub [2]. Right >>>> now I think we lose the verification if the user reviewing the commit >>>> doesn't have signing setup, because when you amend the commit to add >>>> "This closes ...", it technically produces a new commit hash, thus >>>> making the original signature no longer apply (at least this is what I >>>> think is happening, but other may know more). >>>> >>>> These are obviously just my opinions and no one has to do these >>>> things, but just thought I would throw it out there for discussion in >>>> case anyone wasn't aware. >>>> >>>> -Bryan >>>> >>>> [1] >>>> https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgitb >>>> ox.apache.org%2Fsetup%2F&data=02%7C01%7Cpwicks%40micron.com%7Cc2f2 >>>> 0a00f6424597c10708d6eea27d65%7Cf38a5ecd28134862b11bac1d563c806f%7C0%7C >>>> 0%7C636958778999592924&sdata=mJ59FD6KSYn1jXHN0yRRagKf6BHdWn7N1ZXmV >>>> 4BtBi8%3D&reserved=0 [2] >>>> https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fhelp >>>> .github.com%2Fen%2Farticles%2Fsigning-commits&data=02%7C01%7Cpwick >>>> s%40micron.com%7Cc2f20a00f6424597c10708d6eea27d65%7Cf38a5ecd28134862b1 >>>> 1bac1d563c806f%7C0%7C0%7C636958778999592924&sdata=%2BiByT0SfcxSsoL >>>> XgS4VFLI1DTBn9BW3vD1iPvCCqRSI%3D&reserved=0 >>>
