Date: Wed, 10 Aug 2022 00:19:02 +0200
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Message-ID: <20220809221902.GC2088045@pb2>
Subject: Re: [FFmpeg-devel] [PATCH v2] doc/git-howto.texi: Document commit signing

On Tue, Aug 09, 2022 at 04:38:56PM -0300, James Almer wrote:
> On 8/9/2022 4:34 PM, Michael Niedermayer wrote:
> > From: Michael Niedermayer
> >
> > Signed-off-by: Michael Niedermayer
> > --- > > doc/git-howto.texi | 22 +++++++++++++++++++++- > > 1 file changed, 21 insertions(+), 1 deletion(-) > >=20 > > diff --git a/doc/git-howto.texi b/doc/git-howto.texi > > index 874afabbbc..48389751a4 100644 > > --- a/doc/git-howto.texi > > +++ b/doc/git-howto.texi 
> > @@ -187,11 +187,18 @@ to make sure you don't have untracked files or de= letions. > > git add [-i|-p|-A] > > @end example > > -Make sure you have told Git your name and email address > > +Make sure you have told Git your name, email address and GPG key > > @example > > git config --global user.name "My Name" > > git config --global user.email my@@email.invalid > > +git config --global user.signingkey ABCDEF0123245 > > +@end example > > + > > +Enable signing all commits or use -S > > + > > +@example > > +git config --global commit.gpgsign true > > @end example > > Use @option{--global} to set the global configuration for all your Gi= t checkouts. 
> > @@ -423,6 +430,19 @@ git checkout -b svn_23456 $SHA1 > > where @var{$SHA1} is the commit hash from the @command{git log} outpu= t. > > +@chapter gpg key generation > > + > > +If you have no gpg key yet, we recommand that you create a ed25519 bas= ed key as it >=20 > Recommend. >=20 > > +is small, fast and secure. Especially it results in small signatures i= n git. > > + > > +@example > > +gpg --default-new-key-algo "ed25519/cert,sign+cv25519/encr" --quick-ge= nerate-key "human@server.com" > > +@end example > > + > > +When genarting a key, make sure the email specified matches the email = used in git as some sites like >=20 > Generating ok >=20 > > +github consider mismatches a reason to declare such commits unverified= =2E After generating a key you > > +can add it to the MAINTAINER file and upload it to a keyserver.
>
> Maybe link some external documentation about gpg keys, explaining the
> difference between public and private keys,

what do you recommend ?

> how to encrypt the private one
> with a passphrase, etc.

Have you tried to generate a gpg key without a passphrase ?
I just tried, and failed, gpg keeps asking for a passphrase until you enter
one or kill it. It kept haunting me and asking for a passphrase even after
trying ctrl-c

> Sites like gitlab tell you to not attempt to upload private keys,

ok

> so i
> imagine quite a lot of people have mistakenly done so in the past.

imagine? but what do you suggest?
we can document how someone can create a key upload it and so on.
You can provide me with a url that describes a working documentation
for that, i surely do not have one. a lot of documentations are somewhat bad.
Many keyservers have died recently
some existing keys like DSA seem to have some affinity to SHA1, and SHA1 is
rejected today while at the same time still default on many setups, the
one documentation i saw today to fix that DSA/SHA1 issue requires you to have
a backup as it breaks your keys and is wrong.

thx

[...]
--
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Breaking DRM is a little like attempting to break through a door even
though the window is wide open and the only thing in the house is a bunch
of things you dont want and which you would get tomorrow for free anyway
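
Review bot: In the first hunk (@@ -187,11 +187,18 @@), the sample value in "git config --global user.signingkey ABCDEF0123245" is 13 hex digits, which matches neither a 16-digit long key ID nor a 40-digit fingerprint, so a reader following the pattern gets no hint of what to paste. Suggest a placeholder that is visibly a full fingerprint, plus a sentence saying the fingerprint is what should be configured. In the same hunk, "Enable signing all commits or use -S" does not say which command takes -S; writing it as @command{git commit -S} would make the per-commit alternative usable.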
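
Review bot: In the second hunk (@@ -423,6 +430,19 @@), the example address "human@server.com" has a bare @ inside @example, while the existing example in this file escapes it as "my@@email.invalid"; in Texinfo a single @ starts a command, so the address should be written with @@, and using the .invalid placeholder domain would keep it consistent with the earlier example. The closing sentence tells readers to upload the key to a keyserver without saying that only the public key is meant, which is the confusion raised in the reply; one sentence stating that would address it. "a ed25519" should also read "an ed25519".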