maintainer-list: add my gpg key info (@dtzWill), fix email #61220
Conversation
Apparently I have zero commits under nix@wdtz.org, so change my address to match my commits and key.
| github = "dtzWill"; | ||
| name = "Will Dietz"; | ||
| keys = [{ | ||
| longkeyid = "rsa4096/0xFD42C7D0D41494C8"; | ||
| fingerprint = "389A 78CB CD88 5E0C 4701 DEB9 FD42 C7D0 D414 94C8"; |
There was a problem hiding this comment.
How come this fingerprint doesn't match the key used to sign this commit?
There was a problem hiding this comment.
Short answer: not entirely sure, I think it does/should match, but I'm new at this :).
It's the fingerprint of the primary key, which seems appropriate-- but signing done with subkey, which is what github shows in web UI. I thought this was "standard practice" but indeed it's confusing/unexpected. Anyway, please confirm but AFAICT inspection otherwise shows what's going on. Using git verify-commit on this commit should produce something like the following:
gpg: Signature made Thu 09 May 2019 08:19:21 PM CDT
gpg: using RSA key 18FD95037A9565F707B17A2BEBB0EA4124809D02
gpg: Good signature from "Will Dietz <w@wdtz.org>" [ultimate]
gpg: aka "Will Dietz <wdietz2@illinois.edu>" [ultimate]
gpg: aka "Will Dietz <wdietz2@uiuc.edu>" [ultimate]
Primary key fingerprint: 389A 78CB CD88 5E0C 4701 DEB9 FD42 C7D0 D414 94C8
Subkey fingerprint: 18FD 9503 7A95 65F7 07B1 7A2B EBB0 EA41 2480 9D02
This arrangement isn't unprecedented (see below) but if there's a better way or if this seems problematic let me know.
Poking at some previous commits adding fingerprints to this file, this same pattern occurs for example here:
git verify-commit 4c171bdd458a769315847318303781ef4f275605
gpg: Signature made Thu 07 Mar 2019 04:48:04 PM CST
gpg: using RSA key A4ADDC26E14D7A31474236038DEDBA5BE07080E1
gpg: Good signature from "Joachim Ernst <0x4A6F@users.noreply.github.com>" [unknown]
gpg: aka "Joachim Ernst <joachim.ernst@web.de>" [unknown]
gpg: aka "Joachim Ernst <joachim.ernst.de@gmail.com>" [unknown]
gpg: aka "Joachim Ernst <joachim.ernst@juzebacknang.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: F466 A548 AD3F C1F1 8C88 4576 8702 7528 B006 D66D
Subkey fingerprint: A4AD DC26 E14D 7A31 4742 3603 8DED BA5B E070 80E1
Where the signature was made (first fingerprint) using subkey (last fingerprint) but the primary key's fingerprint is what was added in the file (not shown).
There was a problem hiding this comment.
Ah, signing with a subkey. That explains it :)
Apparently I have zero commits under nix@wdtz.org,
so change my address to match my commits and key.
Motivation for this change
Touchup my maintainer entry to reflect
the email I use for commits, add gpg info.