7 comments

[ 3.2 ms ] story [ 28.8 ms ] thread
It appears that the GPG support doesn't support subkey signing, commits signed with my signing subkey do not show as verified, while the same commit on GitHub does. Both GitHub and GitLab have the same public key export available, and the same email addresses verified.

Examples:

https://gitlab.com/jakebasile/gpg-sign-test/commits/master

https://github.com/jakebasile/gpg-sign-test/commits/master

Edit: it is possible I am just doing something wrong, I don't routinely sign commits. But seeing as the exact same commit in GitHub shows as verified I think there is a problem here.

One of the main reasons we aren't using GitLab for our open source projects is the network effect that GitHub enjoys. We work openly on GitHub, and many of our stakeholders have GitHub accounts.

Are there any ways to manage a federated project, using GitLab as the primary project management while still maintaining presence in the GitHub community?

GitLab allows users to sign in using their GitHub accounts. It solves the `everyone has a GitHub account` problem.
Not really, if "SamHouston" (not a real person, just example) has a Github account but has yet to sign up/in with Gitlab, I cannot ping that person via a comment on Gitlab no?
Could you have Github as a mirror but without issues and PRs, and handle those at Gitlab? That way you at least show up in searches.