This is a bit of frustration post. I’m not a professional and some stuff is super confusing. And it might not even be programming only, as this seems to be a general issue when it comes to signing and security in computers. Every time I have to reinstall my operating system (its really only a few times in a decade), one of the things i fear most is signing into Github, signing keys and setting up local git on my Linux machine. I want the verified badge. Every time its a fight in understanding and doing the right steps, creating gpg keys and access tokens and such.

Am I the only one who struggles with this? Right now I have set it up and my test repository has the badge again. Do people care about this? Especially people like me who does a few little CLI and scripts and nothing else. Am I doing enterprise level security for the sake of an icon or is this really more secure? I do not have ANY professional background. As said I seem to have setup correctly now, so this is not asking for troubleshooting. Just wanted hear about your opinion and experience, and if any of you care.

  • thingsiplay@beehaw.orgOP
    link
    fedilink
    arrow-up
    1
    ·
    5 days ago

    I don’t reinstall very often, usually use it for many years (its a rolling release). But even if I do, that should not be the problem here. As for the process to take over the old signed keys and reuse them, I didn’t know. I always thought the signing is for a specific set of hardware and current os installation. I have the directory .gnupg and the files .git-credentials and .gitconfig. Is there something else I have to copy?

    • darklamer@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      6
      ·
      5 days ago

      I always thought the signing is for a specific set of hardware and current os installation.

      Ah, no, PGP keys are intended for identifying people, not machines.

      I have the directory .gnupg

      That’s all you need for GPG.

      Is there something else I have to copy?

      Why not copy your entire home directory?

      • thingsiplay@beehaw.orgOP
        link
        fedilink
        arrow-up
        1
        ·
        5 days ago

        I never take over entire home, only selected configurations. Usually my old drive is available as a backup, in case I forgot something important (but my last drive broke). If done correctly, this approach is much cleaner and not the actual problem, doing it since 2008. Just didn’t know I could reuse my existing .gnupg directory. I’ll add this dir to my regular backup routine, after everything is working as it should.

        I can only test this years from now. Thank you for this advice, it will save me lot of trouble and nerves.