Please just use pgp. You need expiration, permissible purpose, revocation, ident... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		exabrial on Sept 14, 2022 \| parent \| context \| favorite \| on: Signing Git commits with your SSH key (2021) Please just use pgp. You need expiration, permissible purpose, revocation, identity, etc embedded into a ‘key’. Pgp is really really good at doing these things and has been though the ringer on security. Yes pgp sucks at its original Purpose (encrypting email) but it’s excellent for signing things.

waynecochran on Sept 14, 2022 [–]

Is there a particular implementation of PGP that folks should use?

exabrial on Sept 14, 2022 | [–]

GPG is available nearly everywhere on every platform. If you're on OSX you can install MacGpg which provides a nice UI.

Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact