Y
Hacker News
new
|
ask
|
show
|
jobs
by
njaremko
999 days ago
I think letting me give you a gpg private key and you sign commits with that would be ideal. I'm not sure how the app signing commits would work, since it needs to be signed by a member of our org I believe?
2 comments
Xiulung
999 days ago
Yep, our app signing the commits would mean requiring your org to approve the app as "someone" who can contribute to the repo
link
amtamt
999 days ago
then why not let them generate the key itself?
link
njaremko
999 days ago
So I can revoke the key if I need to (my understanding is that you need the private key for that)
link