jprdonnelly/docs
1
0
Fork 0
mirror of synced 2025-12-21 19:06:49 -05:00
Code Issues Projects Releases Wiki Activity

updating content files

Browse Source
This commit is contained in:
Grace Park
2021-06-14 12:06:52 -07:00
parent 850ab9ccb4
commit 6f7e4f50dc
1154 changed files with 6299 additions and 6267 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
content/github/authenticating-to-github/managing-commit-signature-verification/about-commit-signature-verification.md
View File

@@ -14,7 +14,7 @@ topics:
- Identity
- Access management
---
### About commit signature verification
## About commit signature verification
You can sign commits and tags locally, to give other people confidence about the origin of a change you have made. If a commit or tag has a GPG or S/MIME signature that is cryptographically verifiable, GitHub marks the commit or tag {% if currentVersion == "free-pro-team@latest" %}"Verified" or "Partially verified."{% else %}"Verified."{% endif %}
@@ -25,7 +25,7 @@ Commits and tags have the following verification statuses, depending on whether
{% data reusables.identity-and-permissions.vigilant-mode-beta-note %}
#### Default statuses
### Default statuses
| Status | Description |
| -------------- | ----------- |
@@ -33,7 +33,7 @@ Commits and tags have the following verification statuses, depending on whether
| **Unverified** | The commit is signed but the signature could not be verified.
| No verification status | The commit is not signed.
#### Statuses with vigilant mode enabled
### Statuses with vigilant mode enabled
{% data reusables.identity-and-permissions.vigilant-mode-verification-statuses %}
@@ -49,7 +49,7 @@ Repository administrators can enforce required commit signing on a branch to blo
{% data variables.product.product_name %} will automatically use GPG to sign commits you make using the {% data variables.product.product_name %} web interface, except for when you squash and merge a pull request that you are not the author of. Commits signed by {% data variables.product.product_name %} will have a verified status on {% data variables.product.product_name %}. You can verify the signature locally using the public key available at https://github.com/web-flow.gpg. The full fingerprint of the key is `5DE3 E050 9C47 EA3C F04A 42D3 4AEE 18F8 3AFD EB23`. You can optionally choose to have {% data variables.product.product_name %} sign commits you make in {% data variables.product.prodname_codespaces %}. For more information about enabling GPG verification for your codespaces, see "[Managing GPG verification for {% data variables.product.prodname_codespaces %}](/github/developing-online-with-codespaces/managing-gpg-verification-for-codespaces)."
{% endif %}
### GPG commit signature verification
## GPG commit signature verification
You can use GPG to sign commits with a GPG key that you generate yourself.
@@ -64,7 +64,7 @@ To sign commits using GPG and have those commits verified on {% data variables.p
5. [Sign commits](/articles/signing-commits)
6. [Sign tags](/articles/signing-tags)
### S/MIME commit signature verification
## S/MIME commit signature verification
You can use S/MIME to sign commits with an X.509 key issued by your organization.
@@ -81,14 +81,14 @@ To sign commits using S/MIME and have those commits verified on {% data variable
You don't need to upload your public key to {% data variables.product.product_name %}.
{% if currentVersion == "free-pro-team@latest" %}
### Signature verification for bots
## Signature verification for bots
Organizations and {% data variables.product.prodname_github_app %}s that require commit signing can use bots to sign commits. If a commit or tag has a bot signature that is cryptographically verifiable, {% data variables.product.product_name %} marks the commit or tag as verified.
Signature verification for bots will only work if the request is verified and authenticated as the {% data variables.product.prodname_github_app %} or bot and contains no custom author information, custom committer information, and no custom signature information, such as Commits API.
{% endif %}
### Further reading
## Further reading
- "[Signing commits](/articles/signing-commits)"
- "[Signing tags](/articles/signing-tags)"

4
content/github/authenticating-to-github/managing-commit-signature-verification/adding-a-new-gpg-key-to-your-github-account.md
View File

@@ -20,7 +20,7 @@ Before adding a new GPG key to your {% data variables.product.product_name %} ac
When verifying a signature, we extract the signature and attempt to parse its key-id. We match the key-id with keys uploaded to {% data variables.product.product_name %}. Until you upload your GPG key to {% data variables.product.product_name %}, we cannot verify your signatures.
### Adding a GPG key
## Adding a GPG key
{% data reusables.user_settings.access_settings %}
{% data reusables.user_settings.ssh %}
@@ -32,7 +32,7 @@ When verifying a signature, we extract the signature and attempt to parse its ke
![The Add key button](/assets/images/help/settings/gpg-add-key.png)
6. To confirm the action, enter your {% data variables.product.product_name %} password.
### Further reading
## Further reading
* "[Checking for existing GPG keys](/articles/checking-for-existing-gpg-keys)"
* "[Generating a new GPG key](/articles/generating-a-new-gpg-key)"

2
content/github/authenticating-to-github/managing-commit-signature-verification/associating-an-email-with-your-gpg-key.md
View File

@@ -49,7 +49,7 @@ If you're using a GPG key that matches your committer identity and your verified
```
11. Upload the GPG key by [adding it to your GitHub account](/articles/adding-a-new-gpg-key-to-your-github-account).
### Further reading
## Further reading
- "[Checking for existing GPG keys](/articles/checking-for-existing-gpg-keys)"
- "[Generating a new GPG key](/articles/generating-a-new-gpg-key)"

2
content/github/authenticating-to-github/managing-commit-signature-verification/checking-for-existing-gpg-keys.md
View File

@@ -26,7 +26,7 @@ topics:
* If there are no GPG key pairs or you don't want to use any that are available for signing commits and tags, then [generate a new GPG key](/articles/generating-a-new-gpg-key).
* If there's an existing GPG key pair and you want to use it to sign commits and tags, then [add your GPG key to your GitHub account](/articles/adding-a-new-gpg-key-to-your-github-account).
### Further reading
## Further reading
* "[Generating a new GPG key](/articles/generating-a-new-gpg-key)"
* "[Adding a new GPG key to your GitHub account](/articles/adding-a-new-gpg-key-to-your-github-account)"

4
content/github/authenticating-to-github/managing-commit-signature-verification/displaying-verification-statuses-for-all-of-your-commits.md
View File

@@ -12,7 +12,7 @@ redirect_from:
---
{% data reusables.identity-and-permissions.vigilant-mode-beta-note %}
### About vigilant mode
## About vigilant mode
When you work locally on your computer, Git allows you to set the author of your changes and the identity of the committer. This, potentially, makes it difficult for other people to be confident that commits and tags you create were actually created by you. To help solve this problem you can sign your commits and tags. For more information, see "[Signing commits](/github/authenticating-to-github/signing-commits)" and "[Signing tags](/github/authenticating-to-github/signing-tags)." {% data variables.product.prodname_dotcom %} marks signed commits and tags with a verification status.
@@ -28,7 +28,7 @@ You should only enable vigilant mode if you sign all of your commits and tags. A
{% data reusables.identity-and-permissions.verification-status-check %}
### Enabling vigilant mode
## Enabling vigilant mode
{% data reusables.user_settings.access_settings %}
{% data reusables.user_settings.ssh %}

4
content/github/authenticating-to-github/managing-commit-signature-verification/generating-a-new-gpg-key.md
View File

@@ -14,7 +14,7 @@ topics:
---
{% data reusables.gpg.supported-gpg-key-algorithms %}
### Generating a GPG key
## Generating a GPG key
{% note %}
@@ -56,7 +56,7 @@ topics:
11. Copy your GPG key, beginning with `-----BEGIN PGP PUBLIC KEY BLOCK-----` and ending with `-----END PGP PUBLIC KEY BLOCK-----`.
12. [Add the GPG key to your GitHub account](/articles/adding-a-new-gpg-key-to-your-github-account).
### Further reading
## Further reading
* "[Checking for existing GPG keys](/articles/checking-for-existing-gpg-keys)"
* "[Adding a new GPG key to your GitHub account](/articles/adding-a-new-gpg-key-to-your-github-account)"

2
content/github/authenticating-to-github/managing-commit-signature-verification/signing-commits.md
View File

@@ -48,7 +48,7 @@ If you have multiple keys or are attempting to sign commits or tags with a key t
5. To view more detailed information about the verified signature, click Verified.
![Signed commit](/assets/images/help/commits/gpg-signed-commit-verified-without-details.png)
### Further reading
## Further reading
* "[Checking for existing GPG keys](/articles/checking-for-existing-gpg-keys)"
* "[Generating a new GPG key](/articles/generating-a-new-gpg-key)"

2
content/github/authenticating-to-github/managing-commit-signature-verification/signing-tags.md
View File

@@ -26,7 +26,7 @@ topics:
# Verifies the signed tag
```
### Further reading
## Further reading
- "[Viewing your repository's tags](/articles/viewing-your-repositorys-tags)"
- "[Checking for existing GPG keys](/articles/checking-for-existing-gpg-keys)"

8
content/github/authenticating-to-github/managing-commit-signature-verification/telling-git-about-your-signing-key.md
View File

@@ -15,7 +15,7 @@ topics:
---
{% mac %}
### Telling Git about your GPG key
## Telling Git about your GPG key
If you're using a GPG key that matches your committer identity and your verified email address associated with your {% data variables.product.product_name %} account, then you can begin signing commits and signing tags.
@@ -48,7 +48,7 @@ If you have multiple GPG keys, you need to tell Git which one to use.
{% windows %}
### Telling Git about your GPG key
## Telling Git about your GPG key
If you're using a GPG key that matches your committer identity and your verified email address associated with your {% data variables.product.product_name %} account, then you can begin signing commits and signing tags.
@@ -77,7 +77,7 @@ If you have multiple GPG keys, you need to tell Git which one to use.
{% endnote %}
### Telling Git about your GPG key
## Telling Git about your GPG key
If you're using a GPG key that matches your committer identity and your verified email address associated with your {% data variables.product.product_name %} account, then you can begin signing commits and signing tags.
@@ -106,7 +106,7 @@ If you have multiple GPG keys, you need to tell Git which one to use.
{% endlinux %}
### Further reading
## Further reading
- "[Checking for existing GPG keys](/articles/checking-for-existing-gpg-keys)"
- "[Generating a new GPG key](/articles/generating-a-new-gpg-key)"