Commit signing is a git feature, so git itself can be used to check your last commits are signed:
git log --show-signature This will look the same as git log if the commit is unsigned, and show the result of gpg —verify otherwise. Red background if unverified (eg. you don't have the public key) and green otherwise. This should zake it easy to spot whether you signed the last commits or not Le 27 octobre 2022 02:07:40 GMT+02:00, jgart <[email protected]> a écrit : >On Wed, 26 Oct 2022 09:07:57 +0200 Julien Lepiller <[email protected]> wrote: >> It says fingerprint, so it's fingerprint. Using email or name would not be >> as secure. >> >> Le 26 octobre 2022 07:35:20 GMT+02:00, jgart <[email protected]> a écrit : >> >On Wed, 26 Oct 2022 07:21:35 +0200 Julien Lepiller <[email protected]> >> >wrote: >> >> From the manual: "signer is the OpenPGP fingerprint of public key used to >> >> sign commit.", but we should still catch this error :) >> > >> >Is it possible to give the email instead of the fingerprint? >> > >> >Deduce the fingerprint from the email? > >Julien and/or anyone else, > >What do you think if we have a CLI flag for git authenticate that would >allow us to do this to authenticate the last 5 commits against the >3B1D7F19E36BB60C0F5B2CA9A52AA2B477B6DD35 fingerprint, for example: > >guix git authenticate 3B1D7F19E36BB60C0F5B2CA9A52AA2B477B6DD35 -5 > >I've run into situations where I can't remember if I signed a commit or not. > >IWBC if I could just say authenticate the last commits against my >fingerprint instead of going one by one. If this already exists and is >not documented then we should definitely document that usage with an >example to let others know. > >all best, > >jgart
