Committer Keys - valontuoja/metasploit-framework GitHub Wiki
This page lists the keys in use by Metasploit committers.
Signing criteria
In order to get @todb-r7 to sign your key, you should:
- tell him your Key ID over some mechanism (IRC, Skype, etc)
- post it to https://gist.github.com under your GitHub account
If you are near by, he'll ask you to confirm your Key ID in meatspace, using unique biometric and contextual data to verify your identity. If not, he'll e-mail you, using that key and a known e-mail address, and expect your response.
This constitutes verification that your key is, in fact, yours. Please set a reasonable expiration date (18 months is recommended), key length (2048 or better), and use good sense when managing your private key availability.
Signing HOWTO
Signing merges and commits is easy and fun. Generate a signing key, if you don't have one already, using your favorite PGP/GPG interface (I use gpg --gen-key). Then add this to your $HOME/.gitconfig:
[user]
name = Your Name
email = [email protected]
signingkey = DEADBEEF # Must match name and email exactly!
[alias]
c = commit -S --edit
m = merge -S --no-ff --edit
Using git c and git m from now on will sign every commit with your DEADBEEF key.