List for cgit developers and users
From: i at monkz.de (MonkZ)
Subject: GPG-signing of commits was: Re: your mail
Date: Sun, 23 Jul 2017 13:14:09 +0200	[thread overview]
Message-ID: <c6a3239e-9142-1e77-eeea-fadd4beadef4@monkz.de> (raw)
In-Reply-To: <20170722120443.GJ1600@john.keeping.me.uk>

Phew, that part isn't easy to solve.
cgit has no input forms that write persistent data (regarding server
security, I'm glad it does not have that).
So we don't have a keyring of user-uploaded GPG pubkeys to fetch key
information from, like GitHub does.

So we have two options:
1. read the fingerprint and provide a link to a (configurable) search
page like https://pgp.key-server.io/ or https://pgp.mit.edu/, to enable
users to look at the key (if it is uploaded there). This wouldn't allow
cgit to perform validity checks and I'm not in favor of this option.

2. an admin-operated GPG keyring specifically for cgit, where the admin
decides which key would be in this keyring and/or if he trusts this key.
Based on this, cgit can display key information and validity (please be
aware that keys may sign commits even if they are forged), and if the
admin trusts this key... maybe a green checkmark and a text "this
signature is trusted by (this site|the admin of this site|site
owner|<configurable>)".
And a red X if the signature is valid but the trustlevel is "I do NOT
trust".

Maybe we should even avoid giving people a false sense of security, by
showing every GPG signature or link to searchpages, leading them to
think everything is cryptographically secure.
A configurable trustlevel threshold with a reasonable default ("show
only signatures if the trustlevel is set" or "show only fully trusted keys").

Regards
MonkZ

On 22.07.2017 14:04, John Keeping wrote:
> On Tue, May 09, 2017 at 03:35:57AM -0400, Ghost Squad 57 wrote:
>> Lately I've gotten into the habit of signing commits and tags with my GPG
>> key (https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work)
>>
>> But it appears cgit doesn't support showing commits that have been signed.
>>
>> Is there a way to enable this?
> 
> No, we don't have any support for this at the moment.  What would you
> expect to see for a signed commit?  Do you want the server to validate
> the signature?  In which case, how should the trusted signers be
> configured?
> _______________________________________________
> CGit mailing list
> CGit at lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/cgit
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.zx2c4.com/pipermail/cgit/attachments/20170723/73d53bb3/attachment.asc>
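Option 2 above can be built on git's own verifier rather than on a keyring cgit would have to manage itself: `git verify-commit --raw` writes GnuPG status-fd lines to stderr, and pointing GNUPGHOME at a directory the admin populates makes that directory the "admin-operated keyring". The following is an added example, not cgit code and not from anyone in this thread: it parses those status lines into a verdict and applies the configurable trust threshold MonkZ describes (nothing shown for keys below the threshold, a red X for "I do NOT trust", a green checkmark for trusted keys). The status-line samples, the fingerprint, the user id, the function names and the `/etc/cgit/gnupg` path are all constructed for the example.

```python
import os
import re
import subprocess
from dataclasses import dataclass
from typing import Optional

# GnuPG ownertrust levels as they appear in TRUST_* status lines, weakest first.
TRUST_ORDER = ["never", "undefined", "marginal", "fully", "ultimate"]

STATUS_RE = re.compile(r"^\[GNUPG:\] (\S+)(?: (.*))?$")


@dataclass
class Verdict:
    state: str                    # unsigned | good | bad | expired | revoked | unknown-key | error
    trust: Optional[str] = None   # ownertrust of the signing key in the admin keyring
    fingerprint: Optional[str] = None
    signer: Optional[str] = None  # user id gpg printed on the GOODSIG/BADSIG line


def parse_status(raw: str) -> Verdict:
    """Reduce GnuPG status-fd output (what `git verify-commit --raw` writes to stderr)
    to one verdict. Keywords this code does not know are ignored."""
    v = Verdict(state="unsigned")
    for line in raw.splitlines():
        m = STATUS_RE.match(line.strip())
        if not m:
            continue
        keyword, rest = m.group(1), (m.group(2) or "")
        parts = rest.split(None, 1)        # for *SIG lines: [key id, user id]
        uid = parts[1] if len(parts) > 1 else None
        if keyword == "GOODSIG":
            v.state, v.signer = "good", uid
        elif keyword == "BADSIG":
            v.state, v.signer = "bad", uid   # signature does not match the commit
        elif keyword in ("EXPKEYSIG", "EXPSIG"):
            v.state = "expired"
        elif keyword == "REVKEYSIG":
            v.state = "revoked"
        elif keyword == "ERRSIG":
            v.state = "error"                # usually followed by NO_PUBKEY
        elif keyword == "NO_PUBKEY":
            v.state = "unknown-key"          # key is not in the admin keyring
        elif keyword == "VALIDSIG":
            v.fingerprint = parts[0] if parts else None   # first field: signing key fpr
        elif keyword.startswith("TRUST_"):
            level = keyword[len("TRUST_"):].lower()       # TRUST_FULLY -> "fully"
            if level in TRUST_ORDER:
                v.trust = level
    return v


def badge(v: Verdict, minimum_trust: str = "fully", site: str = "this site") -> Optional[str]:
    """What cgit would render for a commit. None means: show nothing, so a signature
    from a key the admin never vetted is not mistaken for a guarantee."""
    if minimum_trust not in TRUST_ORDER:
        raise ValueError(f"unknown trust threshold {minimum_trust!r}")
    if v.state == "bad":
        return "✗ BAD signature: the signature does not match the commit"
    if v.state != "good":
        return None                      # unsigned, unknown key, expired or revoked
    if v.trust == "never":
        return f"✗ valid signature, but {site} does NOT trust key {v.fingerprint}"
    if v.trust is None or TRUST_ORDER.index(v.trust) < TRUST_ORDER.index(minimum_trust):
        return None                      # valid, but below the configured threshold
    return f"✓ signature trusted by {site}: {v.signer} ({v.fingerprint})"


def verify_commit(repo: str, commit: str, keyring_home: str = "/etc/cgit/gnupg") -> Verdict:
    """Run git's verifier against a dedicated, admin-curated GNUPGHOME instead of
    whatever keyring the web server user happens to have. Not exercised offline."""
    proc = subprocess.run(
        ["git", "-C", repo, "verify-commit", "--raw", commit],
        env={**os.environ, "GNUPGHOME": keyring_home},
        capture_output=True, text=True, check=False,
    )
    return parse_status(proc.stderr)


# Constructed status-fd output for the cases the mail distinguishes (not real gpg captures).
FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
_GOOD = (f"[GNUPG:] NEWSIG\n[GNUPG:] GOODSIG {FPR[-16:]} Example Maintainer <maint@example.org>\n"
         f"[GNUPG:] VALIDSIG {FPR} 2017-07-23 1500808449 0 4 0 1 10 01 {FPR}\n")
SAMPLES = {
    "trusted":   _GOOD + "[GNUPG:] TRUST_FULLY 0 pgp\n",
    "unvetted":  _GOOD + "[GNUPG:] TRUST_UNDEFINED 0 pgp\n",     # in keyring, no ownertrust set
    "distrusted": _GOOD + "[GNUPG:] TRUST_NEVER 0 pgp\n",
    "no-key":    ("[GNUPG:] NEWSIG\n[GNUPG:] ERRSIG FEDCBA9876543210 1 10 01 1500808449 9\n"
                  "[GNUPG:] NO_PUBKEY FEDCBA9876543210\n"),
    "bad":       f"[GNUPG:] NEWSIG\n[GNUPG:] BADSIG {FPR[-16:]} Example Maintainer <maint@example.org>\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:10s} -> {badge(parse_status(raw))!r}")
```

The admin side needs nothing more than `gpg --homedir /etc/cgit/gnupg --import key.asc` for each vetted key and `gpg --homedir /etc/cgit/gnupg --import-ownertrust` for the trust levels; the cgit process only needs read access to that directory. Note that with the default threshold a key that was imported but never assigned ownertrust shows nothing at all, which is the "avoid a false sense of security" default MonkZ asks for; lowering `minimum_trust` to `"undefined"` would display every valid signature from a key in the keyring.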


Thread overview: 4+ messages
2017-05-09  7:35 No subject keithhendersonjr
2017-07-22 12:04 ` your mail john
2017-07-23 11:14   ` i [this message]
     [not found]   ` <CAGveaD7+RRwk7L-b9m3MCxokvLy7Yn6Tsw44zpOx0fDPqyYHVQ@mail.gmail.com>
2017-07-23 12:00     ` john
