undefined | Better HN

0 pointsnjaremko2y ago0 comments

I think letting me give you a gpg private key and you sign commits with that would be ideal. I'm not sure how the app signing commits would work, since it needs to be signed by a member of our org I believe?

0 comments

3 comments · 2 top-level

amtamt2y ago· 1 in thread

then why not let them generate the key itself?

njaremkoOP2y ago

So I can revoke the key if I need to (my understanding is that you need the private key for that)

Xiulung2y ago

Yep, our app signing the commits would mean requiring your org to approve the app as "someone" who can contribute to the repo

j / k navigate · click thread line to collapse