Git stash gpg prompting

git.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* Git stash gpg prompting
@ 2014-05-30 20:07 Eddie Monge
  2014-05-30 20:24 ` Jeff King
  0 siblings, 1 reply; 3+ messages in thread
From: Eddie Monge @ 2014-05-30 20:07 UTC (permalink / raw)
  To: git

Git stash is prompting for passphrase to try to "sign" the changes
being stashed.

Reproduce:
Add to global gitconfig with signing key:
```
[commit]
  gpgsign = true
```
Go to a repo, make some changes, and then run `git stash`

Expected: stash the changes as normal
Actual: git prompts for passphrase (if set)

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: Git stash gpg prompting
  2014-05-30 20:07 Git stash gpg prompting Eddie Monge
@ 2014-05-30 20:24 ` Jeff King
  2014-05-30 20:31   ` Junio C Hamano
  0 siblings, 1 reply; 3+ messages in thread
From: Jeff King @ 2014-05-30 20:24 UTC (permalink / raw)
  To: Eddie Monge; +Cc: git

On Fri, May 30, 2014 at 01:07:16PM -0700, Eddie Monge wrote:

> Git stash is prompting for passphrase to try to "sign" the changes
> being stashed.
> 
> Reproduce:
> Add to global gitconfig with signing key:
> ```
> [commit]
>   gpgsign = true
> ```
> Go to a repo, make some changes, and then run `git stash`
> 
> Expected: stash the changes as normal
> Actual: git prompts for passphrase (if set)

Well, yeah...stash is making a commit (two, actually), so it wants you
to sign it. :)

I suspect that using "git notes" has a similar problem. I can see an
argument for not signing stashes, as they are meant to be temporary and
not shared. I do think notes probably should be signed.

However, I wonder if it is really ever going to be sane to set
commit.gpgsign and not use something like gpg-agent. For example, if you
were to ever "git rebase" a patch series (or even just use "git rebase
-i" to refactor commits), you would be prompted for your passphrase to
sign each individual patch.

-Peff

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: Git stash gpg prompting
  2014-05-30 20:24 ` Jeff King
@ 2014-05-30 20:31   ` Junio C Hamano
  0 siblings, 0 replies; 3+ messages in thread
From: Junio C Hamano @ 2014-05-30 20:31 UTC (permalink / raw)
  To: Jeff King; +Cc: Eddie Monge, git

Jeff King <peff@peff.net> writes:

> However, I wonder if it is really ever going to be sane to set
> commit.gpgsign and not use something like gpg-agent.
>
> For example, if you
> were to ever "git rebase" a patch series (or even just use "git rebase
> -i" to refactor commits), you would be prompted for your passphrase to
> sign each individual patch.

Correct.

I actually doubt it is sane to set commit.gpgsign to true and trust
gpg-agent, but that is a separate issue.

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2014-05-30 20:31 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-05-30 20:07 Git stash gpg prompting Eddie Monge
2014-05-30 20:24 ` Jeff King
2014-05-30 20:31   ` Junio C Hamano

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).