Comments (6)
I can provide you with more information here, once the tooling is ready! :)
I heard it's really tasty! 🥯
If you are going that route, please consider a trust path from your current OpenPGP key 29BCBADB4ECAAAC2382699388AFAFCD242818A52 to the new tooling (e.g. by introducing the new way of signing in a signed commit).
Just for the record, this is how the openssh project does that. They do have an "allowed signers" file with all SSH keys: https://github.com/openssh/openssh-portable/blob/master/.git_allowed_signers and the "trust path" is provided by an OpenPGP signature over that file: https://github.com/openssh/openssh-portable/blob/master/.git_allowed_signers.asc
HTH 👋
from argcomplete.
@kislyuk the projects that may be of interest to you are https://codeberg.org/openpgp-card/ssh-agent/, https://codeberg.org/openpgp-card/openpgp-card-tools/, https://codeberg.org/openpgp-card/oct-git and https://codeberg.org/heiko/rsop
With those you can basically maintain an OpenPGP card based workflow for signing and decryption without having to use GnuPG at all.
from argcomplete.
Hi! Thanks for your interest in argcomplete and for your efforts to help package and distribute it.
While I agree with the overall design of the web of trust and with the goals of OpenPGP-based software distribution infrastructure, the only implementation that is available to me in my development environments is GnuPG, which has major usability issues that make me disinclined to continue its use. I welcome suggestions of other OpenPGP implementations that have better UX standards compared to GnuPG.
I plan to continue to manage releases for this project for the foreseeable future. If that ever changes, you can expect it to be reflected by the state of this project on a trusted platform like GitHub: the repository will either be transferred to a new organization or a new maintainer, with committer access updated correspondingly.
from argcomplete.
the only implementation that is available to me in my development environments is GnuPG, which has major usability issues that make me disinclined to continue its use.
A common theme 🥲
I welcome suggestions of other OpenPGP implementations that have better UX standards compared to GnuPG.
Do you use a smartcard to work with your OpenPGP private key? If so, there may be something to beta test soon 😉
I plan to continue to manage releases for this project for the foreseeable future.
Just to clarify: Currently, this means you will not be signing tags going forward?
from argcomplete.
I don't have a smartcard, but I have a bunch of yubikeys. Would those work?
Currently, this means you will not be signing tags going forward?
Not with gnupg. It has interrupted too many of my releases with ridiculous bugs and otherwise stolen too much of my time.
It looks like git and github now support signing with SSH keys. If I sign my tags with SSH keys and post my SSH public key in my various online profiles, would that work for you?
from argcomplete.
I don't have a smartcard, but I have a bunch of yubikeys. Would those work?
Yes. (I should have specified what I'm referring to as smartcard is an OpenPGP card - those come in all forms, not just the classic oldschool "smartcard").
I can provide you with more information here, once the tooling is ready! :)
If I sign my tags with SSH keys and post my SSH public key in my various online profiles, would that work for you?
On Arch Linux we have only now started to look into how to do OpenSSH based signature verification sensibly.
If you are going that route, please consider a trust path from your current OpenPGP key 29BCBADB4ECAAAC2382699388AFAFCD242818A52
to the new tooling (e.g. by introducing the new way of signing in a signed commit).
from argcomplete.
Related Issues (20)
- `argcomplete` adds entries to `.bash_completion`, even when action is abandoned HOT 1
- installing zsh globally adds paths to completion options introduced in v3.1.4 HOT 1
- Contributing guidelines for argcomplete? HOT 2
- How do I exclude files in the users directory from the tab completion? HOT 2
- Unable to get completion to work for NetExec HOT 2
- zsh: completion fails with script path starting with '~/' HOT 1
- 3.2.2: pytest is failing HOT 1
- Output of `argcomplete.warn` does not show HOT 4
- Generating lazy completion scripts for Bash/Zsh HOT 1
- Problem with os.get_terminal_size() and argcomplete HOT 2
- completion with a leading dash HOT 2
- No automatic testing on windows? HOT 2
- Python 3.13: Some tests fail when run with latest Python pre-release HOT 5
- Check recent argparse API changes for compatibility HOT 2
- completer falls back to Bash filename completion
- Python 3.12.3: Test suite fails HOT 1
- autocompletion is slow and stuck HOT 2
- Issue with File Path Autocompletion in Argparse Outside Virtual Environment HOT 4
- Inconsistent completion when using a custom validator between `fish` and `bash` HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from argcomplete.