this post was submitted on 10 Jan 2025
28 points (100.0% liked)


This is a bit of a frustration post. I'm not a professional and some stuff is super confusing. And it might not even be programming only, as this seems to be a general issue when it comes to signing and security in computers. Every time I have to reinstall my operating system (it's really only a few times in a decade), one of the things I fear most is signing into GitHub, signing keys and setting up local git on my Linux machine. I want the verified badge. Every time it's a fight in understanding and doing the right steps, creating GPG keys and access tokens and such.

Am I the only one who struggles with this? Right now I have set it up and my test repository has the badge again. Do people care about this? Especially people like me who do a few little CLI tools and scripts and nothing else. Am I doing enterprise-level security for the sake of an icon or is this really more secure? I do not have ANY professional background. As said, I seem to have set it up correctly now, so this is not asking for troubleshooting. Just wanted to hear about your opinion and experience, and if any of you care.

[–] Aatube@kbin.melroy.org 1 points 13 hours ago (1 children)

this is a security thing, not a taft thing. you don’t need to sign commits to push them

plus gitlab and sourcehut are so much better

[–] Flamekebab@piefed.social 1 points 5 hours ago (1 children)

OP asked for:

Just wanted hear about your opinion and experience, and if any of you care.

I found the level of security required for basic functionality to be a hindrance. For small personal projects it felt like squashing a fly with a sledgehammer. A remote repo that is too much hassle to use is functionally the same as not using one.

plus gitlab and sourcehut are so much better

I think I'll just edit out a mention of the platform I moved to. I wasn't advocating for it. To be a bit more constructive - what makes those alternatives better?

[–] Aatube@kbin.melroy.org 1 points 1 hour ago

Commit signing is not required for any functionality, unless you opt in to some repository setting which you have to find for yourself first.

These alternatives have vastly better UI that also lays out the screen much more efficiently and have more features. I find it much easier to locate information on platforms that aren't Forgejo/Codeberg. Sourcehut's federation through email also just works.