undefined | Better HN

0 pointsgocartStatue6y ago0 comments

> It might not be directly integrated with git

That's the problem I see. I have signingkey in .gitconfig, together with [commit] gpgsign = true. This way, set & forget, all my commits are signed (it's my employer requirement, probably some "compliance" stuff). You can see it right away nicely displayed as "Verified" on github. I didn't know about GPG-s supposedly weak security until now, but always considered it not very convenient to use.

0 comments

paulddraper6y ago

Ah, well if your employer mandates PGP signatures on every commit, that's that.

FWIW, the creator of git argues that signing of every commit is essentially pointless. [1] I agree.

[1] http://git.661346.n2.nabble.com/GPG-signing-for-git-commit-t...

j / k navigate · click thread line to collapse

0 pointsgocartStatue6y ago0 comments

> It might not be directly integrated with git

0 comments

paulddraper6y ago

Ah, well if your employer mandates PGP signatures on every commit, that's that.

FWIW, the creator of git argues that signing of every commit is essentially pointless. [1] I agree.

[1] http://git.661346.n2.nabble.com/GPG-signing-for-git-commit-t...

j / k navigate · click thread line to collapse