GPG Signed Commits reveal email address #335

Ghost commented 2020年11月13日 11:50:53 +01:00

Commits that are signed using a registered GPG key display the registered email address of the author even when the setting "Hide Email Address" is turned on.

Example: https://codeberg.org/dnkl/foot/commits/branch/master. Hovering on the green lock displays the email address even when their user profile doesn't display the same (meaning their "Hide Email Address" setting is checked)

I have seen this happening on one of my private repos as well

Not sure if this is a Gitea related issue because a repo on Gitea.com (using Gitea 1.14.0) with signed commits doesn't show the email address of the author.

Commits that are signed using a registered GPG key display the registered email address of the author even when the setting "Hide Email Address" is turned on. Example: https://codeberg.org/dnkl/foot/commits/branch/master. Hovering on the green lock displays the email address even when their [user profile](https://codeberg.org/dnkl) doesn't display the same (meaning their "Hide Email Address" setting is checked) I have seen this happening on one of my private repos as well Not sure if this is a Gitea related issue because a [repo on Gitea.com (using Gitea 1.14.0) with signed commits]( https://gitea.com/sapk/explore/commits/branch/master) doesn't show the email address of the author.

6543 commented 2020年11月13日 12:01:25 +01:00

Just my own thoughts about this:

Why people are complaining about privacy issues with emails exposed to UI, git store them anyway, If you realy want to hide your email you simply should not add it into your git configuration and commit it.

And Signing Commits will by it's meaning connect a commit to a (email-)identity.

So if People realy not want there email exposed they should just stop using it to commit stuff.

---

To the issue, it is gitea related but the whole signing infrastructure got some refactoring in v1.13.0(unreleased). @bohrium272 so if you wait it will be resolved when codeberg is upgrading :)

Just my own thoughts about this: Why people are complaining about privacy issues with emails exposed to UI, git store them anyway, If you realy want to hide your email you simply should not add it into your git configuration and commit it. And Signing Commits will by it's meaning connect a commit to a (email-)identity. So if People realy not want there email exposed they should just stop using it to commit stuff. ------ To the issue, it is gitea related but the whole signing infrastructure got some refactoring in v1.13.0(unreleased). @bohrium272 so if you wait it will be resolved when codeberg is upgrading :)

hw commented 2020年11月13日 13:29:18 +01:00

I tend to agree with @6543 here. Especially as Gitea supports multiple email addresses, commits can get signed with secondary or even the noreply address that is also used in GUI commits.

Git needs email addresses to work, and users are free to choose the address they like to commit+sign their commits with. No need to expose a private address; privacy should focus on protecting the private address and ensure that there is always the choice to use a secondary, public address for commit+signing.

I tend to agree with @6543 here. Especially as Gitea supports multiple email addresses, commits can get signed with secondary or even the noreply address that is also used in GUI commits. Git needs email addresses to work, and users are free to choose the address they like to commit+sign their commits with. No need to expose a private address; privacy should focus on protecting the private address and ensure that there is always the choice to use a secondary, public address for commit+signing.

Ghost commented 2020年11月16日 13:17:56 +01:00

I agree as well.

Just wanted to make sure that if possibly the email for a signed commit can be hidden (as seen on the gitea.com repo I linked above), its best to have it hidden.

And Signing Commits will by it’s meaning connect a commit to a (email-)identity.
So if People realy not want there email exposed they should just stop using it to commit stuff.

Understood and agreed

even the noreply address that is also used in GUI commits

I tried that and it didn't work. Does the noreply address need to be added as a secondary address before using a key associated with it?

I agree as well. Just wanted to make sure that if possibly the email for a signed commit can be hidden (as seen on the [gitea.com repo](https://gitea.com/sapk/explore/commits/branch/master) I linked above), its best to have it hidden. >And Signing Commits will by it’s meaning connect a commit to a (email-)identity. So if People realy not want there email exposed they should just stop using it to commit stuff. Understood and agreed >even the noreply address that is also used in GUI commits I tried that and it didn't work. Does the noreply address need to be added as a secondary address before using a key associated with it?

hw commented 2020年11月16日 17:06:05 +01:00

even the noreply address that is also used in GUI commits

I tried that and it didn't work. Does the noreply address need to be added as a secondary address before creating using a key associated with it?

What exactly went wrong? You should be able to commit using this address.

> >even the noreply address that is also used in GUI commits > > I tried that and it didn't work. Does the noreply address need to be added as a secondary address before creating using a key associated with it? What exactly went wrong? You should be able to commit using this address.

Ghost commented 2020年11月16日 19:02:19 +01:00

I am able to commit using the address.

commits can get signed with secondary or even the noreply address that is also used in GUI commits.

However I am not able to sign a commit with a GPG key having the noreply email address as part of the identity.

Steps:

1. Generate a GPG key and enter the noreply email address when asked for
2. Try to add the generated key on Codeberg through settings.

Step 2 is where it fails.

I am able to commit using the address. >commits can get signed with secondary or even the noreply address that is also used in GUI commits. However I am not able to sign a commit with a GPG key having the noreply email address as part of the identity. Steps: 1. Generate a GPG key and enter the noreply email address when asked for 2. Try to add the generated key on Codeberg through settings. Step 2 is where it fails.

6543 commented 2020年11月16日 19:44:27 +01:00

@hw maby woth a own section "prifacy" in https://docs.codeberg.org ?

@bohrium272 it should work ... I'll test

@hw maby woth a own section "prifacy" in https://docs.codeberg.org ? @bohrium272 it should work ... I'll test

chaptergy commented 2021年03月21日 14:06:42 +01:00

@6543 The issue mentioned by @bohrium272 still persists. I generated a GPG key for the email address chaptergy@noreply.codeberg.org and tried to add it to my Codeberg account. But this fails with the error message: This GPG key is not usable with any email address associated with your account.

@6543 The issue mentioned by @bohrium272 still persists. I generated a GPG key for the email address `chaptergy@noreply.codeberg.org` and tried to add it to my Codeberg account. But this fails with the error message: `This GPG key is not usable with any email address associated with your account.`

6543 commented 2021年04月03日 10:14:51 +02:00

@chaptergy this is not a bug but a feature request ...

I'll file up an upstream issue

@chaptergy this is not a bug but a feature request ... I'll file up an upstream issue

6543 commented 2021年04月03日 13:58:23 +02:00

-> https://github.com/go-gitea/gitea/issues/15263

-> https://github.com/go-gitea/gitea/issues/15263

chaptergy commented 2021年04月03日 14:04:54 +02:00

I'm sorry, I assumed since you said

@bohrium272 it should work ... I'll test

right after his report with the GPG keys, that this behaviour is not intended.

I'm sorry, I assumed since you said > @bohrium272 it should work ... I'll test right after his report with the GPG keys, that this behaviour is not intended.