On 2023-05-19, Simon Tournier wrote:
> On ven., 19 mai 2023 at 11:34, Josselin Poiret <dev@jpoiret.xyz> wrote:
>> I'm curious Leo, in general (not Guix because we have a pre-push hook),
>> how do you make sure you always publish signed commits?  I don't want to
>> put unsigned commits anywhere except locally, but it feels like I might
>> just forget to sign them before pushing.
>
> Well, I am not Leo. :-) Maybe I misunderstand your question but usually
> my file ~/.gitconfig contains my default; say always sign.  Then
> locally, for some project [1], I set other options with the local file
> .git/config of the repository.
>
> And for the ones I do not want to sign locally but I will push signed, I
> have pre-push hooks.  Note, in practise, I do not have such
> configuration. :-)

This is basically a show-stopper for me working on guix right now. I
intentionally do not have access to my openpgp key on Guix System
machines. This completely breaks my workflow.

Neither changing ~/.gitconfig not .git/config in the working repository
seems to work around this.

I think the case can be made that not requiring signatures will actually
prevent unintentional changes from getting pushed to the archive, as the
server-side hooks will prevent unsigned changes from landing in the
repository... this is why I prefer to leave my local work-in-progress
changes unsigned. I only sign things I am confident I might want to
push.

Please revert ASAP.

live well,
  vagrant