From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id 200FB437FA for ; Sun, 28 Aug 2022 17:50:53 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 43E2468B991; Sun, 28 Aug 2022 20:50:50 +0300 (EEST) Received: from relay5-d.mail.gandi.net (relay5-d.mail.gandi.net [217.70.183.197]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 3A92C68B8D7 for ; Sun, 28 Aug 2022 20:50:43 +0300 (EEST) Received: (Authenticated sender: michael@niedermayer.cc) by mail.gandi.net (Postfix) with ESMTPSA id 8A53B1C0003 for ; Sun, 28 Aug 2022 17:50:42 +0000 (UTC) Date: Sun, 28 Aug 2022 19:50:41 +0200 From: Michael Niedermayer To: FFmpeg development discussions and patches Message-ID: <20220828175041.GH2088045@pb2> References: <20220809193439.13308-1-michael@niedermayer.cc> <836171e4-28e8-8341-205f-ef9eb598b964@gmail.com> <20220809221902.GC2088045@pb2> <20220823180032.GM2088045@pb2> <7350c2a3-9389-c1d5-6a06-f6b7ae3ff725@gmail.com> MIME-Version: 1.0 In-Reply-To: <7350c2a3-9389-c1d5-6a06-f6b7ae3ff725@gmail.com> Subject: Re: [FFmpeg-devel] [PATCH v2] doc/git-howto.texi: Document commit signing X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Type: multipart/mixed; boundary="===============0208903926214349576==" Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: --===============0208903926214349576== Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="LDD4nbZpSQFEjkKT" Content-Disposition: inline --LDD4nbZpSQFEjkKT Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Aug 23, 2022 at 03:07:53PM -0300, James Almer wrote: > On 8/23/2022 3:00 PM, Michael Niedermayer wrote: > > On Wed, Aug 10, 2022 at 12:19:02AM +0200, Michael Niedermayer wrote: > > > On Tue, Aug 09, 2022 at 04:38:56PM -0300, James Almer wrote: > > > > On 8/9/2022 4:34 PM, Michael Niedermayer wrote: > > > > > From: Michael Niedermayer > > [...] > > >=20 > > > >=20 > > > > > +github consider mismatches a reason to declare such commits unve= rified. After generating a key you > > > > > +can add it to the MAINTAINER file and upload it to a keyserver. > > > >=20 > > > > Maybe link some external documentation about gpg keys, explaining t= he > > > > difference between public and private keys, > > >=20 > > > what do you recommend ? > >=20 > > ping ? > > we could link to the gpg docs but that seems kind of silly >=20 > I have no recommendation. >=20 > >=20 > >=20 > > >=20 > > >=20 > > > > how to encrypt the private one > > > > with a passphrase, etc. > > >=20 > > > Have you tried to generate a gpg key without a passphrase ? >=20 > I probably mixed it in my mind with ssh keys, where you can store a priva= te > key unencrypted. >=20 > > > I just tried, and failed, gpg keeps asking for a passphrase until you= enter > > > one or kill it. It kept haunting me and asking for a passphrase even = after > > > trying ctrl-c > > >=20 > > >=20 > > > > Sites like gitlab tell you to not attempt to upload private keys, > > >=20 > > > ok > > >=20 > > >=20 > > > > so i > > > > imagine quite a lot of people have mistakenly done so in the past. > > >=20 > > > imagine? >=20 > "Every sign has a story". If Gitlab tells you to make sure to not attempt= to > upload a private key, then it could be that it has happened at some point. >=20 > > >=20 > > > but what do you suggest? we can document how someone can create a key > > > upload it and so on. You can provide me with a url that describes a > > > working documentation for that, i surely do not have one. alot of > > > documentations are somewhat bad. Many keyservers have died recently > > > some existing keys like DSA seem to have some affinity to SHA1, and > > > SHA1 is rejected today while at the same time still default on many > > > setups, the one documentation i saw today to fix that DSA/SHA1 issue > > > requires you to have a backup as it breaks your keys and is wrong. >=20 > If there's no good documentation or tutorial for this, then lets not both= er > with it. Your patch should be fine as is. There may be a good one, its just that i dont know what to link to will apply thx [...] --=20 Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Never trust a computer, one day, it may think you are the virus. -- Compn --LDD4nbZpSQFEjkKT Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iF0EABEIAB0WIQSf8hKLFH72cwut8TNhHseHBAsPqwUCYwuq8QAKCRBhHseHBAsP q3brAKCEv3APaZQexxNmAWvTLbpD+NUW1QCgjSS9OzG0WR7ApuEblODka3nFXG0= =pfXw -----END PGP SIGNATURE----- --LDD4nbZpSQFEjkKT-- --===============0208903926214349576== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". --===============0208903926214349576==--