On Fri, Jul 25, 2014 at 11:37 AM, Jan Rusnacko <[email protected]> wrote: > > * this seems to be enabled globally in git config, so what about users who > do not wish to sign their work (e.g. don`t have personal GPG key), but do > what password files signed ? >
>From the man page: If the git config key pass.signcommits is set to true, then all commits > will be signed using *user.signingkey* or the default git signing key. > This config key may be turned on using: `pass git config --bool --add > pass.signcommits true` > * if it exists, is the git signature checked (automatically) before the > password is retrieved ? I believe not. > You can verify the git repo any time you like using the ordinary git commands. Consult the git documentation for best practices and ways of hooking this. > > -- > Jan Rusnacko, Red Hat Product Security >
_______________________________________________ Password-Store mailing list [email protected] http://lists.zx2c4.com/mailman/listinfo/password-store
