scripts: verify pgp signatures as part of github-merge.py #16280

issue fanquake opened this issue on June 25, 2019

fanquake commented at 12:46 AM on June 25, 2019: member

Follow up to #16223. It was mentioned in that PR that we could do some additional checking for signed ACKs, and verifying signatures:

laanwj: This could also check "signed ACKs" (and say, mark them specially, if they match the expected key for the user) if we're going there in the future.

instagibbs: laanwj I was going to suggest that as a stretch goal, so concept ACK that. Would be nice to see local pgp sigs validated.
fanquake added the label Scripts and tools on Jun 25, 2019
fanquake added the label good first issue on Jun 25, 2019
MarcoFalke commented at 4:14 PM on June 25, 2019: member

Ideally, the signature would be preserved, so that a user could verify them at a later point in time. Though, having the maintainer verify them and include the result is already helpful.
MarcoFalke commented at 4:16 PM on June 25, 2019: member

We might have to come up with a serialization of the signatures into the merge commit body. Maybe @petertodd has some tips on this.
petertodd commented at 8:48 AM on July 13, 2019: contributor

@MarcoFalke Are you aware of how Git already handles merge commit signatures?
fanquake commented at 11:30 AM on September 26, 2019: member

Moved this to https://github.com/bitcoin-core/bitcoin-maintainer-tools/issues/35 now that the script has moved.
fanquake closed this on Sep 26, 2019
DrahtBot locked this on Dec 16, 2021

Contributors

Labels