56/66: programming-2022: Mention SSH signatures.

Wed, 29 Jun 2022 08:33:17 -0700 

civodul pushed a commit to branch master
in repository maintenance.

commit 56d74d1921e87fff0c9a506222564bc513a2ab7b
Author: Ludovic Courtès <[email protected]>
AuthorDate: Thu Apr 28 15:40:36 2022 +0200

    programming-2022: Mention SSH signatures.
    
    * doc/programming-2022/supply-chain.skb: Update footnote to mention
    SSH signatures.  Refer to git2021:relnotes instead of
    huseby2021:git-crypto.
---
 doc/programming-2022/security.sbib    | 7 +++++++
 doc/programming-2022/supply-chain.skb | 8 +++++---
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/doc/programming-2022/security.sbib 
b/doc/programming-2022/security.sbib
index cad19b5..0879f48 100644
--- a/doc/programming-2022/security.sbib
+++ b/doc/programming-2022/security.sbib
@@ -291,6 +291,13 @@ Thayer")
   (year "2021")
   (url "https://github.com/cryptidtech/git-cryptography-protocol";))
 
+(misc git2021:relnotes
+  (author "Git contributors")
+  (title "Git 2.34 Release Notes")
+  (year "2021")
+  (month "November")
+  (url 
"https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.34.0.txt";))
+
 (misc courtes2016:authentication
   (author "Ludovic Courtès, Guix contributors")
   (year "2016")
diff --git a/doc/programming-2022/supply-chain.skb 
b/doc/programming-2022/supply-chain.skb
index 91b5486..cfd5cab 100644
--- a/doc/programming-2022/supply-chain.skb
+++ b/doc/programming-2022/supply-chain.skb
@@ -993,9 +993,11 @@ broad and extensible specification ,(ref :bib
 More focused options such as minisign ,(ref :bib
 'denis2021:minisign-web) looked more appealing.  However, we felt that
 the fact that OpenPGP commit signing is well-supported by Git,(footnote
-[As of this writing, Git tools only support OpenPGP, but work started in
-2021 to support cryptography tools other than OpenPGP/GnuPG ,(ref :bib
-'huseby2021:git-crypto).]) makes a significant practical difference:
+[When we started this work, the command-line Git tool would only support
+OpenPGP signatures.  Since the release of Git 2.34.0 in November
+2021, one can additionally sign commits and tags with OpenSSH, the
+secure shell client ,(ref :bib 'git2021:relnotes).])
+makes a significant practical difference:
 developers can easily be set up to sign commits with GnuPG and commands
 such as ,(tt [git log]) can verify and display signatures; ways to deal
 with OpenPGP keys and signatures, although complex, are also

Reply via email to