Wouldn’t that mean you’d have to share your public key anyway?
Public keys aren’t meant to be private. The function is literally in the name… But no, you don’t necessarily have to share your public key, but for someone to verify that a specific public key was used to sign a commit, the public key is required. So there’s absolutely no reason to sign your commits if you intend on keeping your public key private… It completely defeats the entire purpose…
Thanks, I know what “public” means.
I don’t see “not usually installed on your system” as a strong enough disadvantage to PGP for this use case.