Re: git signed push server-side
- Date: Fri, 25 Aug 2017 18:16:51 -0700
- From: Junio C Hamano <gitster@xxxxxxxxx>
- Subject: Re: git signed push server-side
Jonathan Nieder <jrnieder@xxxxxxxxx> writes:
> I think respecting gpg.program would be nicer. Is there a reason not
> to do that?
> I suspect receive-pack just forgot to call git_gpg_config.
That would be a good change.
> How is the keyring configured for other commands that use GPG, like
> "git tag -v"? (Forgive my laziness in not looking it up.)
AFAIR we never do anything special, so you should be able to point
GNUPGHOME to wherever you like to use the desired configuration.
> I also wonder why you say the git configuration system is unsuited to
> keeping secrets. E.g. passing an include.path setting with -c or
> GIT_CONFIG_PARAMETERS should avoid the kinds of trouble you described.
> Is there a change we could make to make it work better? That said, I
> think being able to name a file is a good idea.
I also wonder that too. The configuration file that has the
filename could be made just as secret and unreadable from public as
the new file that stores the seed with the same mechanism, I would
>> 5. There are no docs on how to use this feature properly
>> (Debian #852695, #852688 part 1)
>> Using the signed push feature requires careful programming on the
>> server side. There should be a doc explaining how to do this.
This was rather deliberately left underspecified, hoping that the
BCP would emerge after people gain experience. As Ian is looking
into this and hopefully gain real-world experience, we can have a
good BCP description after he is done with his project ;-)
> Yes, that sounds like a very welcome kind of thing to add.