Skip to content

Commit 811d685

Browse files
tomdavies-nhstomdavies-nhs
authored
Update to gpg commit signing guidance - avoid comments - ref issue #334 (#336)
Closes issue #334
1 parent 38a207b commit 811d685

File tree

1 file changed

+3
-1
lines changed

1 file changed

+3
-1
lines changed

practices/guides/commit-signing.md

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,7 @@ gpg --full-generate-key
2424
- Accept the defaults, Curve 25519 etc.
2525
- Enter your GitHub account name as the Real Name
2626
- Enter your GitHub account email as the Email Address
27+
- Avoid adding a comment (this *may* prevent git from auto-selecting a key - see Troubleshooting section below)
2728
- You can use the privacy *@users.noreply.github.com* email address listed in the GitHub profile: *Settings > Email*
2829
- Define a passphrase for the key and keep it in your password manager
2930

@@ -64,6 +65,7 @@ gpg --full-generate-key
6465
- Set key size to 4096 bit, the minimum accepted for GitHub
6566
- Enter your GitHub account name as the Real Name
6667
- Enter your GitHub account email as the Email Address
68+
- Avoid adding a comment (this *may* prevent git from auto-selecting a key - see Troubleshooting section below)
6769
- You can use the privacy *@users.noreply.github.com* email address listed in the GitHub profile: *Settings > Email*
6870
- Define a passphrase for the key and keep it in your password manager
6971

@@ -176,4 +178,4 @@ git push
176178

177179
Re-run your git command prefixed with GIT_TRACE=1
178180

179-
A failure to sign a commit is usually because the name or email does not quite match those which were used to generate the GPG key, so git cannot auto-select a key. Ensure that these are indeed consistent. You are able to [force a choice of signing key](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key), though this should not be necessary.
181+
A failure to sign a commit is usually because the name or email does not quite match those which were used to generate the GPG key, so git cannot auto-select a key. Ensure that these are indeed consistent. (If you added a comment when creating your gpg key, this *may* cause a mismatch: the comment will be visible when listing your gpg keys, e.g. `RealName (Comment) <EmailAddress>`.) You are able to [force a choice of signing key](https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key), though this should not be necessary.

0 commit comments

Comments
 (0)