I will admit I've never setup GPG signing on Linux. I'm sure there are some additional challenges there.
Not sure if it is helpful, but there are a few things related to Linux that are mentioned on this Github page: https://help.github.com/en/articles/telling-git-about-your-signing-key On Tue, Jun 11, 2019 at 3:45 PM Kevin Doran <kdo...@apache.org> wrote: > > Yep, I support these suggestions. > > Setting up GPG does have a learning curve for folks that haven't done > it before, but I think our community would be helpful in assisting > folks on the mailing list and Apache NiFi Slack where they run into > trouble. It's a good practice to learn and once setup there's not much > more to do to get the benefits of it. > > Setting up GPG is also required when acting as release manager in > order to sign convenience binaries (and soon, as Andy brought up, > maven release artifacts as well - I think that is also a good idea), > so the effort required to get setup for GPG has lots of benefits for > folks that are interested in RM'ing as well. > > Kevin > > On Tue, Jun 11, 2019 at 3:30 PM Peter Wicks (pwicks) <pwi...@micron.com> > wrote: > > > > I like having signed commits. I develop on both Windows and Linux, but have > > only had success getting signing working on Windows (which was a bit > > complicated as it was). You can see when I switched from mostly Windows to > > mostly Linux by when I stopped signing commits... > > > > Thanks, > > Peter > > > > -----Original Message----- > > From: Andy LoPresto <alopre...@apache.org> > > Sent: Tuesday, June 11, 2019 1:25 PM > > To: dev@nifi.apache.org > > Subject: [EXT] Re: GitHub Stuff > > > > I strongly support both of these suggestions. Thanks for starting the > > conversation Bryan. GPG signing is very important for security and for > > encouraging the rest of the community to adopt these practices as well. > > > > > > Andy LoPresto > > alopre...@apache.org > > alopresto.apa...@gmail.com > > PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4 BACE 3C6E F65B 2F7D EF69 > > > > > On Jun 11, 2019, at 11:42 AM, Bryan Bende <bbe...@gmail.com> wrote: > > > > > > I had two thoughts related to our GitHub usage that I wanted to throw > > > out there for PMC members and committers... > > > > > > 1) I think it would be helpful if everyone setup the link between > > > their Apache id and github [1]. Setting up this link puts you into the > > > nifi-committers group in Apache (currently 17 of us are in there), and > > > I believe this is what controls the list of users that can be selected > > > as a reviewer on a pull request. Since PRs are the primary form of > > > contribution, it would be nice if all of the PMC/committers were in > > > the reviewer list, but of course you can continue to commit against > > > Gitbox without doing this. > > > > > > 2) I also think it would be nice if most of the commits in the repo > > > were signed commits that show up as "Verified" in GitHub [2]. Right > > > now I think we lose the verification if the user reviewing the commit > > > doesn't have signing setup, because when you amend the commit to add > > > "This closes ...", it technically produces a new commit hash, thus > > > making the original signature no longer apply (at least this is what I > > > think is happening, but other may know more). > > > > > > These are obviously just my opinions and no one has to do these > > > things, but just thought I would throw it out there for discussion in > > > case anyone wasn't aware. > > > > > > -Bryan > > > > > > [1] > > > https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgitb > > > ox.apache.org%2Fsetup%2F&data=02%7C01%7Cpwicks%40micron.com%7Cc2f2 > > > 0a00f6424597c10708d6eea27d65%7Cf38a5ecd28134862b11bac1d563c806f%7C0%7C > > > 0%7C636958778999592924&sdata=mJ59FD6KSYn1jXHN0yRRagKf6BHdWn7N1ZXmV > > > 4BtBi8%3D&reserved=0 [2] > > > https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fhelp > > > .github.com%2Fen%2Farticles%2Fsigning-commits&data=02%7C01%7Cpwick > > > s%40micron.com%7Cc2f20a00f6424597c10708d6eea27d65%7Cf38a5ecd28134862b1 > > > 1bac1d563c806f%7C0%7C0%7C636958778999592924&sdata=%2BiByT0SfcxSsoL > > > XgS4VFLI1DTBn9BW3vD1iPvCCqRSI%3D&reserved=0 > >
