Hi All, Gitlab now supports verification of commit signatures and it would be awesome if we start signing commits. It is a relatively painless process and happens automatically with little configuration.
Spoofing authors in git is quite easy, actually provided as a command line option (--author, --reset-author), and I believe it would be a good practice to sign all the commits (even outside of Mailman). Here are steps for how you can do that: 1. Add your public key to Gitlab (https://gitlab.com/profile/gpg_keys) 2. Commit with `-S` (capital S) Here is the relevant section of `.gitconfig` to auto-sign every commit you make (no need for step 2 if you do this): ``` [user] name = Abhilash Raj email = raj.abhila...@gmail.com signingkey = 541EA0448453394FF77A0ECC9D9B2BA061D0A67C [commit] gpgsign = true ``` Once you have pushed a signed commit to Gitlab and have uploaded your gpg public key, you will see a green "Verified" button alongside every commit. (See https://gitlab.com/maxking/mailman/commits/msapiro/mailman-pending) -- Abhilash Raj maxk...@asynchronous.in _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9