GitHub/Vigilant Mode

From Omnia
Revision as of 20:49, 21 March 2025 by Kenneth (talk | contribs)

Vigilant Mode

Flag unsigned commits as unverified
This will include any commit attributed to your account but not signed with your GPG or S/MIME key.
Note that this will include your existing unsigned commits.
Learn about vigilant mode.


Configure

Configure Vigilant Mode at the bottom of the SSH and PGP keys page

SSH and PGP keys
https://github.com/settings/keys

Displaying verification statuses for all of your commits

You can enable vigilant mode for commit signature verification to mark all of your commits and tags with a signature verification status. https://docs.github.com/en/authentication/managing-commit-signature-verification/displaying-verification-statuses-for-all-of-your-commits

Verified

The commit is signed, the signature was successfully verified, and the committer is the only author who has enabled vigilant mode.

Partially Verified

The commit is signed, and the signature was successfully verified, but the commit has an author who:

  • is not the committer, and
  • has enabled vigilant mode.

In this case, the commit signature doesn't guarantee the consent of the author, so the commit is only partially verified.

Unverified

Any of the following is true:

  • The commit is signed but the signature could not be verified.
  • The commit is not signed and the committer has enabled vigilant mode.
  • The commit is not signed and an author has enabled vigilant mode.
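To make the three rules concrete, the following is an added example (not code from this page or from GitHub) that models the status decision as a small function. The `Commit` class, the `verification_status` name and the "no badge" result for an unsigned commit with no vigilant-mode participant are assumptions for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Set


@dataclass
class Commit:
    committer: str                 # account the commit is attributed to as committer
    authors: List[str]             # author plus any co-authors
    signed: bool = False           # a GPG or S/MIME signature is present
    signature_valid: bool = False  # the signature could be verified


def verification_status(commit: Commit, vigilant: Set[str]) -> Optional[str]:
    """Apply the vigilant-mode rules: 'Verified', 'Partially verified',
    'Unverified', or None when no badge applies (assumption: unsigned commits
    with no vigilant-mode participant are not flagged)."""
    if commit.signed:
        if not commit.signature_valid:
            # Signed, but the signature could not be verified.
            return "Unverified"
        # Signed and verified. An author who is not the committer and has
        # vigilant mode on did not sign, so their consent is not guaranteed.
        other_vigilant = [a for a in commit.authors
                          if a != commit.committer and a in vigilant]
        return "Partially verified" if other_vigilant else "Verified"
    # Not signed: flagged if the committer or any author has vigilant mode on.
    if commit.committer in vigilant or any(a in vigilant for a in commit.authors):
        return "Unverified"
    return None


if __name__ == "__main__":
    # Constructed sample: only "alice" has enabled vigilant mode.
    vigilant_accounts = {"alice"}
    spoofed = Commit(committer="bob", authors=["alice"])  # unsigned, claims alice
    print(verification_status(spoofed, vigilant_accounts))  # Unverified
```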

Flag unsigned commits with vigilant mode

Flag unsigned commits with vigilant mode
https://github.blog/changelog/2021-04-28-flag-unsigned-commits-with-vigilant-mode/

To improve security and confidence in the authenticity of your contributions, you can flag commits and tags on GitHub.com that are attributed to you but not signed by you. With vigilant mode enabled (now available in beta), unsigned commits attributed to you are flagged with an Unverified badge. This can alert you and others to potential issues with authenticity.

The author and committer of a Git commit can easily be spoofed. For example, someone can push a commit that claims to be from you, but isn’t. Like showing a passport, committers can increase trust in their commits by signing them with a GPG or S/MIME key. And now, when you enable vigilant mode, commits will be flagged if they’re attributed to you but not signed by you. This raises attention if someone tries to spoof your identity as a committer or author. With vigilant mode enabled, all of your commits and tags are marked with one of three verification statuses: Verified, Partially verified, or Unverified.
