~sircmpwn/git.sr.ht#342: 
Add support for PGP-signed git pushes.

See https://people.kernel.org/monsieuricon/signed-git-pushes

git can use gpg to sign push actions, not just commits/tags. The resulting push signature can be used to generate a transparency log of which account pushed certain commits to any given branch, and when. It can also be used to outright reject unsigned or invalid pushes.

It would be really useful from a security perspective to advertise support for and process signed pushes, as an audit log feature. And opt in to enforcing this for all pushes for people who want to guarantee that all push actions are securely audited.

Status
REPORTED
Submitter
~eschwartz
Assigned to
No-one
Submitted
1 year, 1 month ago
Updated
1 year, 1 month ago
Labels
No labels applied.