Differences

This shows you the differences between two versions of the page.

--- vcs:commit-signing [2021/04/01 14:18] – Feedback from Rowan Tommins; add FAQ; editorial corrections bishop
+++ vcs:commit-signing [2021/04/01 16:48] (current) – improve documentation around key expiration bishop
@@ Line 341: / Line 341: @@
 ==== Do I need a passphrase? ====
-Yes. If you're private key falls into the wrong hands, they'll be unable to use the key without the passphrase.
+Yes. If your private key falls into the wrong hands, they'll be unable to use the key without the passphrase.
 ==== Should my key expire? ====
-This guide created an immortal key (see step 2). If you are sufficiently paranoid and do not mind periodic bookkeeping, then by all means create a key that is short lived. An expired key acts like a deleted key: you won't be able to sign with it any more, so follow the "What if I lose my key?" flow described above.
+This guide created an immortal key (see step 2), because //for this use case// [[https://security.stackexchange.com/a/79386/72365|key expiration does not add any security]] while it increases development friction.
-As part of regular security hygiene, consider rotating your keys at least yearly anyway.
+As part of regular security hygiene, however, consider creating a new key and replacing the old one at GitHub annually.
@@ Line 403: / Line 402: @@
 The ''.gitconfig'' file, lines 1 through 11 set a global signing key, while lines 13 and 14 use a //different// configuration for all repositories under the ''$HOME/code/php'' directory. For those repos, it uses the signing key ''7DB08A14''.
+==== Always show signatures in logs ====
+To always display signatures in commit logs, you can configure git to always display them by default
+<code>
+    git config --global log.showSignature true
+</code>
 ===== Thanks =====
 This guide was adapted, with permission, from internal developer documentation at [[https://github.com/lifeomic|LifeOmic]].

Differences

Page Tools