User: Password:
Subscribe / Log in / New account

Authenticating Git pull requests

Authenticating Git pull requests

Posted Nov 18, 2011 17:38 UTC (Fri) by mathstuf (subscriber, #69389)
In reply to: Authenticating Git pull requests by nybble41
Parent article: Authenticating Git pull requests

They could have a setting where you give your fingerprints and then the interface can mark emails based on trustworthiness given the public chain of trust with the keys. Sure, signing in-browser is something I'd never do, but *verifying*...that should be possible.

(Log in to post comments)

Authenticating Git pull requests

Posted Nov 18, 2011 18:31 UTC (Fri) by nybble41 (subscriber, #55106) [Link]

Oh, I agree that public key management and verification in the web client could be useful (though it could also be subverted more easily than a local GPG installation and keyring). Integration with the key server network, links between contacts and public keys, etc., would be very convenient, provided you could trust it. You wouldn't be able to decrypt anything, but perhaps you only want to verify signed cleartext.

However, you'd still need GPG on your own system to send signed messages, and a local public keyring for encryption. Once you have that plus a browser extension like FireGPG, how much extra benefit would the direct integration bring?

Authenticating Git pull requests

Posted Nov 18, 2011 18:41 UTC (Fri) by mathstuf (subscriber, #69389) [Link]

When I'm using someone else's computer to check email? Like I said, I'd never trust my browser to touch my private keyring, so that isn't a question for me. Friends who know approximately nothing of GPG could get a message stating that there is *some* reason to expect that the email I sent is actually from me other than the From header.

This brings up the problem that there needs to be a way to communicate that a signature is expected. Anything in the mail doesn't work, so there needs to be some server-side implementation for this.

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds