You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@accumulo.apache.org by Christopher <ct...@apache.org> on 2016/04/06 04:28:50 UTC
GPG verification in GitHub tags
Devs,
I saw GitHub rolled out a new feature to verify GPG-signed commits and tags
in the UI [1]. If release managers upload their GPG public keys to their
profile in GitHub[2], it shows up as "Verified", which is pretty cool [3].
[1]: https://github.com/blog/2144-gpg-signature-verification
[2]: https://github.com/settings/keys
[3]: https://github.com/apache/accumulo/tags
Re: GPG verification in GitHub tags
Posted by Josh Elser <jo...@gmail.com>.
CHRISTOPHER. What is this voodoo. Looking into this now :)
Christopher wrote:
> You could just add the extra identity to your key. :)
>
> On Wed, Apr 6, 2016, 09:49 Josh Elser<jo...@gmail.com> wrote:
>
>> Well, it seems I made Github unhappy using a key for
>> josh.elser@gmail.com but having the email on the commit/tag be
>> elserj@apache :)
>>
>> But, some of the releases I made are now listed as "verified".
>>
>> Christopher wrote:
>>> Devs,
>>>
>>> I saw GitHub rolled out a new feature to verify GPG-signed commits and
>> tags
>>> in the UI [1]. If release managers upload their GPG public keys to their
>>> profile in GitHub[2], it shows up as "Verified", which is pretty cool
>> [3].
>>> [1]: https://github.com/blog/2144-gpg-signature-verification
>>> [2]: https://github.com/settings/keys
>>> [3]: https://github.com/apache/accumulo/tags
>>>
>
Re: GPG verification in GitHub tags
Posted by Christopher <ct...@apache.org>.
You could just add the extra identity to your key. :)
On Wed, Apr 6, 2016, 09:49 Josh Elser <jo...@gmail.com> wrote:
> Well, it seems I made Github unhappy using a key for
> josh.elser@gmail.com but having the email on the commit/tag be
> elserj@apache :)
>
> But, some of the releases I made are now listed as "verified".
>
> Christopher wrote:
> > Devs,
> >
> > I saw GitHub rolled out a new feature to verify GPG-signed commits and
> tags
> > in the UI [1]. If release managers upload their GPG public keys to their
> > profile in GitHub[2], it shows up as "Verified", which is pretty cool
> [3].
> >
> > [1]: https://github.com/blog/2144-gpg-signature-verification
> > [2]: https://github.com/settings/keys
> > [3]: https://github.com/apache/accumulo/tags
> >
>
Re: GPG verification in GitHub tags
Posted by Josh Elser <jo...@gmail.com>.
Well, it seems I made Github unhappy using a key for
josh.elser@gmail.com but having the email on the commit/tag be
elserj@apache :)
But, some of the releases I made are now listed as "verified".
Christopher wrote:
> Devs,
>
> I saw GitHub rolled out a new feature to verify GPG-signed commits and tags
> in the UI [1]. If release managers upload their GPG public keys to their
> profile in GitHub[2], it shows up as "Verified", which is pretty cool [3].
>
> [1]: https://github.com/blog/2144-gpg-signature-verification
> [2]: https://github.com/settings/keys
> [3]: https://github.com/apache/accumulo/tags
>
Fwd: GPG verification in GitHub tags
Posted by Sean Busbey <bu...@cloudera.com>.
FYI.
You can see how we're doing here, on the right hand side.
https://github.com/apache/yetus/tags
---------- Forwarded message ----------
From: Christopher <ct...@apache.org>
Date: Tue, Apr 5, 2016 at 7:28 PM
Subject: GPG verification in GitHub tags
To: Accumulo Dev List <de...@accumulo.apache.org>
Devs,
I saw GitHub rolled out a new feature to verify GPG-signed commits and tags
in the UI [1]. If release managers upload their GPG public keys to their
profile in GitHub[2], it shows up as "Verified", which is pretty cool [3].
[1]: https://github.com/blog/2144-gpg-signature-verification
[2]: https://github.com/settings/keys
[3]: https://github.com/apache/accumulo/tags
--
busbey