Programmer Humor

22472 readers

1049 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

Keep content in english
No advertisements
Posts must be related to programming or programmer topics

founded 2 years ago

MODERATORS

[email protected]

219

me when i find out i can use ssh to sign my git commits (lemmings.world)

submitted 6 days ago by [email protected] to c/[email protected]

35 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 49 points 6 days ago* (last edited 6 days ago) (29 children)

The only real advantage to using SSH vs PGP keys is you don't need an external dependency (GPG). PGP is always going to be better, because you get the advantage of WOT, and PGP public key servers to verify identities over just "this is who I am, here's my key." You should always sign your commits, no matter what you use. Identity verification is very important in open source.

$ git config --global gpg.format ssh
$ git config --global user.signingkey ~/.ssh/examplekey.pub

[–] [email protected] 17 points 6 days ago (25 children)

Are you using your public ssh key for signing? Wouldn't it make more sense to use the private one as people can then verify your identity by using your public key?

[–] [email protected] 35 points 6 days ago* (last edited 6 days ago) (1 children)

Ha, good catch! Behind the scences, git is actually using your private key to sign the commit. You're only specifying the ssh key git should ask ssh-agent about. You can also specify the private key and actually need to when not using an agent and the key is not available. See docs

[–] [email protected] 6 points 6 days ago

OH! Now I see! Thanks for pointing that out.

load more comments (23 replies)

load more comments (26 replies)