Re: default gpg signing key

On Mon, Feb 18, 2019 at 03:12:32PM -0500, Marco Sirabella wrote:
> Hi all,
> 
> When signing a commit with git, the newer of two signing keys under my main
> master key is used. This is even the case when `default-key` is set in
> `gpg.conf` (`gpg --sign` uses the correct key).
> 
> Is there any way to tell git to not use the `--local-user` flag when signing,
> and just let `gpg` decide which key to sign with? Or is `gpg.signingKey` in the
> config the way to go?

I typically use user.signingKey for this purpose. The benefit of using
local-user by default is that we serialize the email address in the
signature as the signer, which is valuable when a person has multiple
email addresses on their key.

We do have this functionality in the author and committer fields, but
embedding it in the signature ensures that the signature can't be
verified without it.

Also, without specifying -u, we'd pick whatever key was the default in
the keyring, even if the email address for that key was wrong for the
commit.
-- 
brian m. carlson: Houston, Texas, US
OpenPGP: https://keybase.io/bk2204
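
The selection rule discussed in this message, as an added example that is not part of the original post or of git's own code: a POSIX shell helper that reports the identity git will pass to gpg as `--local-user` for a repository. The function names, the demo identity and the key ID are constructed placeholders.

```shell
#!/bin/sh
# Added example (constructed): which identity does git hand to gpg via -u?

# Print the --local-user value git would use for the repository in $1.
git_signer() {
    repo=$1
    # An explicitly configured user.signingKey always wins.
    if key=$(git -C "$repo" config --get user.signingKey) && [ -n "$key" ]; then
        printf '%s\n' "$key"
        return 0
    fi
    # Otherwise git falls back to the committer identity "Name <email>".
    # `git var` appends "<timestamp> <tz>", which is not part of the -u value.
    git -C "$repo" var GIT_COMMITTER_IDENT |
        sed 's/ [0-9][0-9]* [+-][0-9][0-9]*$//'
}

# Create a throwaway repository with a constructed identity; print its path.
make_demo_repo() {
    d=$(mktemp -d) || return 1
    git init -q "$d" &&
        git -C "$d" config user.name "Example Dev" &&
        git -C "$d" config user.email "dev@example.org" &&
        printf '%s\n' "$d"
}

demo=$(make_demo_repo)
echo "without user.signingKey: $(git_signer "$demo")"

# Placeholder key ID. In GnuPG, a trailing '!' forces that exact (sub)key
# instead of letting gpg pick the newest signing-capable subkey.
git -C "$demo" config user.signingKey '0123456789ABCDEF!'
echo "with user.signingKey:    $(git_signer "$demo")"
rm -rf "$demo"
```
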
