[Please keep the mailing list cc'd.]
On Sat, Jul 22, 2017 at 12:32:40PM -0400, Ghost Squad 57 wrote:
> Personally, I just want cgit to show the key used to sign the commit, not
> necessarily validate it. Validation could always be done on the user's side.
I would be very concerned about giving a
Phew, that part isn't easy to solve.
cgit has no input forms that write persistent data (regarding server
security, i'm glad it does not have that).
So we don't have a keyring of user-uploaded GPG-Pubkeys to fetch key
information from, like github does.
So we have two options:
1. read the fingerpr