* An analogue for commit.gpgsign but for verifying signatures on each pull
@ 2023-11-06 5:34 luckyguy
0 siblings, 0 replies; only message in thread
From: luckyguy @ 2023-11-06 5:34 UTC (permalink / raw)
To: git@vger.kernel.org
Hello. I apologize if this question has been asked before.
Is there anyway I can configure git to *automatically* verify the signature of the HEAD of any branch it pulls and fail if that signature is bad or missing? I'm hoping for something as convenient as `commit.gpgSign` that can be configured globally.
I can, of course, do this "manually" but others may forget or may not be knowledgeable to do this on their own. I would like git to locally enforce this, rather than some upstream server, so that new commits don't accidentally get built on top of bad commits.
If no such functionality exists in git today, then I humbly ask that this feature be considered. Perhaps `pull.gpgVerify`?
Thank you for your time.
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2023-11-06 5:34 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-11-06 5:34 An analogue for commit.gpgsign but for verifying signatures on each pull luckyguy
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).