gitsign
community
gitsign | community
---|---
10 | 68
899 | 6,360
0.7% | 0.6%
9.1 | 8.2
3 days ago | 7 days ago
Go | Ruby
GNU General Public License v3.0 or later | Creative Commons Attribution 4.0
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
gitsign
- Gittuf – a security layer for Git using some concepts introduced by TUF
> does it also filter/escape ANSI Sequences in messages and author names?
Not at present! Do you have a link or so I could use to familiarize myself? I'm curious if it'd fall within gittuf's scope.
> does it block garbage collection?
Nope, it doesn't. That said, the repository will have more objects; gittuf tracks additional objects through custom refs in `refs/gittuf/`.
> how do you ensure that the developers are really the developers and there's no spoofing?
At present, gittuf policies use signing keys. It doesn't rely on the commit metadata for author and committer but rather the commit's signature. We support GPG and Sigstore's gitsign [0] right now, and we want to support other signing mechanisms like SSH keys as well.
[0] https://github.com/sigstore/gitsign
- Signing Git Commits with Your SSH Key
You may want to check out https://github.com/sigstore/gitsign! You can generate ephemeral x509 code signing certs for free using Sigstore.
(disclosure: I'm a maintainer for gitsign)
- A toolbox for a secure software supply chain
Def check out the gitsign project mentioned in the post: https://github.com/sigstore/gitsign
- Enable Gitsign Today and Start Signing your Commits
Gitsign offers a keyless commit signing implementation based on OIDC, which is an identity layer built on top of the OAuth 2.0 framework. Gitsign supports verifying your identity either through GitHub, Microsoft, or a Google account.
- SSH commit verification now supported
Shameless plug for the gitsign project in sigstore: https://github.com/sigstore/gitsign
This isn't supported by GitHub yet but we're hopefully working towards that too.
- sigstore/gitsign: Keyless Git signing using Sigstore
- Keyless Git signing with Sigstore!
- Gitsign
We used to actually run an RFC3161 timestamp server in addition to the transparency log but recently turned it down because no one was using it. I'd like to bring it back for stuff like this.
https://github.com/sigstore/gitsign/issues/22
community
- Category Cleanup: 4 Ways Your Discussions Categories Can Be Better Optimized
Check out how to create your own or feel free to borrow from Community Discussions’ templates.
- New GitHub feed is hot garbage
- Confusion about Git Flow
Although GitHub did not have a plan to support this option, Azure DevOps and GitLab already supported this. https://github.com/community/community/discussions/8940 You can manually do it for now.
- GitHub Copilot X: The AI-powered developer experience
[4]: https://github.com/community/community/discussions/37117
- How do you handle "generic packages" deployment?
I think it's not about missing commands, but missing destination (package repo of "generic" type). Very same issue posted here: https://github.com/community/community/discussions/38083
- Is there a copilot roadmap anywhere? Or an insider that knows things :)
btw - I know this exists, but it seems like the posts are responded to much: https://github.com/community/community/discussions/categories/copilot
- Strange issue with networking on Ubuntu Server 22.04
It appears that you're using IPv6 (your ping is returning IPv6 addresses). A quick search shows some GitHub services may not support IPv6, but that's just a guess.
- VundleVim
Yeah, Vundle's (presumably temporary) removal caught me off guard today on a fresh install. This, in turn, has caused me to take a hard look at the Vim plugins I was using. Turns out I only needed one...which I wrote. So I'm now just storing that one in the horrible "vanilla" Vim plugin scheme and putting that in my dotfile management.
Just a good reminder that dependencies will always let you down. It's just a matter of time. Oh, and never turn your back on a big company.
Here's the tracking on this issue:
https://github.com/community/community/discussions/48173
GitHub: "The VundleVim organization has been flagged. Because of that, your organization is hidden from the public."
- Governance Reform RFC Announcement | Inside Rust Blog
It's a relatively new beta feature for GitHub.
- Vundle Removed from GitHub
Here's the support discussion ticket for this:
https://github.com/community/community/discussions/48173
> The VundleVim organization has been flagged.
What are some alternatives?
smimesign - An S/MIME signing utility for use with Git
Visual Studio Code - Visual Studio Code
git-ts - Git TimeStamp Utility
vscodium - binary releases of VS Code without MS branding/telemetry/licensing
github - Just a place to track issues and feature requests that I have for github
ossinsight - Analysis, Comparison, Trends, Rankings of Open Source Software, you can also get insight from more than 6 billion with natural language (powered by OpenAI). Follow us on Twitter: https://twitter.com/ossinsight
SignTools - ✒ A free, self-hosted platform to sideload iOS apps without a computer
arcade-services - Arcade Engineering Services
cargo-vet - supply-chain security for Rust
nvim-surround - Add/change/delete surrounding delimiter pairs with ease. Written with :heart: in Lua.
vouch - A multi-ecosystem package code review system.
indent-blankline.nvim - Indent guides for Neovim