It appears that the GPG support doesn't support subkey signing, commits signed with my signing subkey do not show as verified, while the same commit on GitHub does. Both GitHub and GitLab have the same public key export available, and the same email addresses verified.
Edit: it is possible I am just doing something wrong, I don't routinely sign commits. But seeing as the exact same commit in GitHub shows as verified I think there is a problem here.
One of the main reasons we aren't using GitLab for our open source projects is the network effect that GitHub enjoys. We work openly on GitHub, and many of our stakeholders have GitHub accounts.
Are there any ways to manage a federated project, using GitLab as the primary project management while still maintaining presence in the GitHub community?
Not really, if "SamHouston" (not a real person, just example) has a Github account but has yet to sign up/in with Gitlab, I cannot ping that person via a comment on Gitlab no?
7 comments
[ 3.2 ms ] story [ 28.8 ms ] threadExamples:
https://gitlab.com/jakebasile/gpg-sign-test/commits/master
https://github.com/jakebasile/gpg-sign-test/commits/master
Edit: it is possible I am just doing something wrong, I don't routinely sign commits. But seeing as the exact same commit in GitHub shows as verified I think there is a problem here.
I'm sure if you file a bug with the details, they'll sort it it!
https://gitlab.com/gitlab-org/gitlab-ce/issues/36829
Are there any ways to manage a federated project, using GitLab as the primary project management while still maintaining presence in the GitHub community?