Releases: sequoia-pgp/authenticate-commits

Authenticate Commits Using a Signing Policy

14 Sep 07:31
v1.0.1
7880c1f

By itself, a signature on a commit doesn't mean much. Anyone can generate a key and create a signature. Signing commits is useful when the signatures are checked against a policy. Sequoia git (https://gitlab.com/sequoia-pgp/sequoia-git) specifies a set of semantics, defines a policy language, and provides a set of tools to manage a policy file and authenticate commits. The authenticate-commits action checks that the commits in a pull request are signed and authorized according to the project's policy.