Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:113909 Return-Path: Delivered-To: mailing list internals@lists.php.net Received: (qmail 58501 invoked from network); 1 Apr 2021 14:23:13 -0000 Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5) by pb1.pair.com with SMTP; 1 Apr 2021 14:23:13 -0000 Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id 73120180503 for ; Thu, 1 Apr 2021 07:21:00 -0700 (PDT) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-1.4 required=5.0 tests=BAYES_00, FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS, HTML_MESSAGE,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE, SPF_PASS autolearn=no autolearn_force=no version=3.4.2 X-Spam-Virus: No X-Envelope-From: Received: from mail-yb1-f169.google.com (mail-yb1-f169.google.com [209.85.219.169]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Thu, 1 Apr 2021 07:21:00 -0700 (PDT) Received: by mail-yb1-f169.google.com with SMTP id z1so1952898ybf.6 for ; Thu, 01 Apr 2021 07:21:00 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:reply-to :from:date:message-id:subject:to:cc; bh=HqVj3hDahFLzGq3VQz+e/KFcdZE+LdAOf1KY8MYsb7c=; b=RDIp+19GKaVxUDuzmH8AKYDfi282ad5IEqXiTKSrUWiXvhljmtnaqe8WSjrkELmLKP dSVHGH7sQYjafyVqjs3KdsePzPLFlzqJRg8zm5AH7U7Li0P+XWf9b4IyCuZzYSDCBX+j pPMumA9UqyYQczGeZYLSwEn3pLQTU8wXoN1/pC2Ay33rHBKCQI9SEgFAFXOOUaZE/wqh nrUEBzMkb5A5FPyKTOZQltRPHTMX77h2toRIcuQOZnj+e2HdAQoeMDY1RbX3pUcG2lPi sVJf4BShGmiJYRwTBrSCq1tsHXDYkP13jusnMb2L/jNRDpk+0WAMBOKV8mAP0T4b2drF 5pdg== X-Gm-Message-State: AOAM5321ikzmAcCDkq0A7cCUlTHMfcc9JshfrU0D4Qcah+fOftgOulLA zNOh7lSd5nAqAe4sQIqk5tVUaAvNp4VdjGPu6Sk= X-Google-Smtp-Source: ABdhPJzAR9Iqtf74usfR3vF65ZHG8dbD/01bsYrhJd6KNvTpT6jplyYg4M5fw4Jn6byMnn+A081OgkZHVpvGJiaU6X8= X-Received: by 2002:a25:71d7:: with SMTP id m206mr12843420ybc.282.1617286859369; Thu, 01 Apr 2021 07:20:59 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: Reply-To: bishop@php.net Date: Thu, 1 Apr 2021 10:20:23 -0400 Message-ID: To: Rowan Tommins Cc: PHP internals Content-Type: multipart/alternative; boundary="000000000000c0afbd05bee9f043" Subject: Re: [PHP-DEV] Changes to Git commit workflow From: bishop@php.net (Bishop Bettini) --000000000000c0afbd05bee9f043 Content-Type: text/plain; charset="UTF-8" On Thu, Apr 1, 2021 at 9:22 AM Rowan Tommins wrote: > On 01/04/2021 05:54, Bishop Bettini wrote: > > I've documented why we need signing, and how to set it up: > > > > https://wiki.php.net/vcs/commit-signing > > > > Feedback welcomed! > > > This looks great, and very easy to follow. > > One edit I would strongly suggest though: > > Remove the "Passphrase:" line from the --generate-key command, so that > gpg will prompt interactively for the passphrase using the same entry as > it will use later when signing. You should never include a password or > passphrase in a command if you can avoid it, as it will be visible on > your screen, and stored in plain text in your shell history. > > > Some additional tips that might be worth adding: > > As an advanced setup suggestion, "gpg --full-generate-key" launches a > wizard with a couple of extra prompts. > > If you're on Ubuntu and don't have a new enough git (e.g. 18.04LTS ships > with 2.17.1), there is an official PPA to upgrade it; just run: "sudo > add-apt-repository ppa:git-core/ppa && sudo apt update && sudo apt > install git" > > Before pushing to github, you can verify the signature on a commit > locally with "git show --show-signature HEAD", or similarly for a tag by > passing the tag name. > Excellent suggestions. I've updated the guide with these. I also added a FAQ. https://wiki.php.net/vcs/commit-signing Thank you! --000000000000c0afbd05bee9f043--