I got this article in a reply to a different conversation, and for the most part I agree with it. Gpg is old and we have better ways. I like signing my commits, I like feeling that these commits are actually and provably mine. But I’m not married to GPG like I used to be, I’d like a better way. The problem is that git used gpg for signing. I learned about this new thing called minisign and I wanna use it with git. So how do we switch? And if we can’t switch, then how do we fix GPG?

  • Skyzyx@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    IIRC, GitHub.com and GitHub Enterprise support using SSH for signing. I think that whatever is used should leverage asymmetric/public-key cryptography.

    Passkeys maybe?