Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

README: add warning about internet access #596

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

README: add warning about internet access #596

wants to merge 1 commit into from

Conversation

philips
Copy link

@philips philips commented Nov 20, 2024

Summary

gitsign differs from GPG in that it requires an internet access on every commit. This breaks the git model of working offline. So, probably worth calling out.

Release Note

NONE

Documentation

@cpanato
Copy link
Member

cpanato commented Nov 21, 2024

thanks @philips can you please sign the DCO

@philips
README: add warning about internet access
d3f6031 
gitsign differs from GPG in that it requires an internet access on every
commit. This breaks the git model of working offline. So, probably worth
calling out.

Signed-off-by: Brandon Philips <[email protected]>
@philips
Copy link
Author

philips commented Nov 21, 2024

@cpanato signed DCO

adityasaky
adityasaky reviewed Nov 21, 2024
View reviewed changes
README.md


# Warning: Setting this will make git commit/tag reliant on internet.
# Alternatively, don't use these settings and add the -S flag instead.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The -S flag for commits will still rely on the internet, no? I wonder if this message belongs elsewhere more prominently for gitsign use as a whole?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, explaining that every signed commit now reaches out to the internet might be worth mentioning somewhere. I had setup this setting and then couldn't figure out why commits were happening so slowly.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

perhaps adding some text in the signing commits and signing tags sections makes sense? https://github.com/sigstore/gitsign/blob/main/README.md?plain=1#L115

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adityasaky adityasaky adityasaky left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@philips @cpanato @adityasaky