On Fri, May 03, 2019 at 15:44:26 +0200, Werner Koch wrote:
> Use ECC keys with Yubikeys or use a Gnuk based token like the original
> Gnuk token or one from another vendor like Nitrokey. I use a Gnuk
> token with an ed25519 signing key to sign my commits. IMHO, token based
> 4k RSA keys are too
On Tue, 30 Apr 2019 06:55, david.mi...@gmail.com said:
> We’re considering rolling out GnuPG at work for developers to sign git
> commits.
> How can we prevent developers from choosing a trivial password?
You can't, but it is not a problem. The passphrase is used to protect
the private key in