Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Clarify commit signature trust models (GPG and S/MIME) #18328

Open
LecrisUT opened this issue Jan 19, 2022 · 1 comment
Open

Clarify commit signature trust models (GPG and S/MIME) #18328

LecrisUT opened this issue Jan 19, 2022 · 1 comment
Labels
type/enhancement An improvement of existing functionality type/proposal The new feature has not been accepted yet but needs to be discussed first.

Comments

@LecrisUT
Copy link
Contributor

LecrisUT commented Jan 19, 2022

Feature Description

Currently there is a confusion when using the Collaborator trust model for commit signature, particularly in the commit view. This causes frequent confusions to the users. I suggest that we implement at least one or preferably both:

  1. Add a tooltip in the commit view that pops-up an explanation of untrusted user (UI wise something like in this tutorial). Explanation could be: This commit is correctly signed by ${user}(${email}), but ${user} is not a trusted collaborator of this repository
  2. Change the default trust model to Committer

For reference attached is a screenshot of one of the places where a tooltip pop-up would clarify

Screenshots

image
image

@LecrisUT LecrisUT changed the title Clarify GPG trust models Clarify commit signature trust models (GPG and S/MIME) Jan 19, 2022
zeripath added a commit to zeripath/gitea that referenced this issue Jan 19, 2022
The current default trustmodel for gitea is the collaborator model. This is not GitHub
compatible by default. Now changing the nil default model committer would be a breaking
change and could cause commits to become unverified. Therefore we should change the
install default to committer so that new users have the github default model and
later make a breaking change to set the default to committer.

Related go-gitea#18328

Signed-off-by: Andrew Thornton <[email protected]>
@SimonPistache
Copy link
Contributor

SimonPistache commented Jul 18, 2023

I would also like some clarification about this, regarding translation of Gitea. On the matter of signing commits (or others entities), such could be:

  • Signed by
  • Signed by untrusted user
  • Signed by untrusted user who does not match committer

On the other hand, Gitea repositories have a Signature Trust Model with the following options:

  • Default (but we don't know what is the behavior)
  • Collaborator
  • Commiter
  • Collaborator+Commiter

It is not clear how behave gitea given one of the selected model: will it actually forbid a collaborator from pushing commits because of untrusted signature? Does that setting only set the illustrated warning (on @LecrisUT 's screenshots) when pushing unverified commits?

To me, it looks like it's the same behavior as of Github (About commit signature verification > Default statuses):

Status Description
Verified The commit is signed and the signature was successfully verified.
Unverified The commit is signed but the signature could not be verified.
No verification status The commit is not signed.

But instead of wording "Verified", gitea uses "Trusted". Can someone comfirm this?

@lunny lunny added type/proposal The new feature has not been accepted yet but needs to be discussed first. type/enhancement An improvement of existing functionality labels Jul 19, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
type/enhancement An improvement of existing functionality type/proposal The new feature has not been accepted yet but needs to be discussed first.
Projects
None yet
Development

No branches or pull requests

3 participants