#335 GPG Signed Commits reveal email address

Closed
opened 3 weeks ago by bohrium272 · 6 comments

Commits that are signed using a registered GPG key display the registered email address of the author even when the setting "Hide Email Address" is turned on.

Example: https://codeberg.org/dnkl/foot/commits/branch/master. Hovering on the green lock displays the email address even when their [user profile](https://codeberg.org/dnkl) doesn't display the same (meaning their "Hide Email Address" setting is checked).

I have seen this happening on one of my private repos as well.

Not sure if this is a Gitea related issue because a [repo on Gitea.com (using Gitea 1.14.0) with signed commits](https://gitea.com/sapk/explore/commits/branch/master) doesn't show the email address of the author.
6543 commented 3 weeks ago
Poster
Collaborator

Just my own thoughts about this:

Why are people complaining about privacy issues with emails exposed in the UI? Git stores them anyway. If you really want to hide your email you simply should not add it into your git configuration and commit it.

And signing commits will by its meaning connect a commit to an (email-)identity.

So if people really do not want their email exposed they should just stop using it to commit stuff.

------

To the issue: it is Gitea related, but the whole signing infrastructure got some refactoring in v1.13.0 (unreleased). @bohrium272 so if you wait it will be resolved when Codeberg is upgrading :)
hw commented 3 weeks ago
Poster
Owner

I tend to agree with @6543 here. Especially as Gitea supports multiple email addresses, commits can get signed with secondary or even the noreply address that is also used in GUI commits.

Git needs email addresses to work, and users are free to choose the address they like to commit+sign their commits with. No need to expose a private address; privacy should focus on protecting the private address and ensure that there is always the choice to use a secondary, public address for commit+signing.

Poster

I agree as well.

Just wanted to make sure that if possibly the email for a signed commit can be hidden (as seen on the [gitea.com repo](https://gitea.com/sapk/explore/commits/branch/master) I linked above), it's best to have it hidden.

> And signing commits will by its meaning connect a commit to an (email-)identity.
> So if people really do not want their email exposed they should just stop using it to commit stuff.

Understood and agreed.

> even the noreply address that is also used in GUI commits

I tried that and it didn't work. Does the noreply address need to be added as a secondary address before using a key associated with it?
hw commented 2 weeks ago
Poster
Owner

> > even the noreply address that is also used in GUI commits
>
> I tried that and it didn't work. Does the noreply address need to be added as a secondary address before using a key associated with it?

What exactly went wrong? You should be able to commit using this address.
Poster

I am able to commit using the address.

> commits can get signed with secondary or even the noreply address that is also used in GUI commits.

However I am not able to sign a commit with a GPG key having the noreply email address as part of the identity.

Steps:

  1. Generate a GPG key and enter the noreply email address when asked for
  2. Try to add the generated key on Codeberg through settings.

Step 2 is where it fails.
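The setup hw recommends (commit and sign with a secondary or noreply address so no private email ever reaches the commit, the signature, or the UI) and the two steps the reporter lists, written out as an added example script. This is not code from the issue thread, from Codeberg or from Gitea. It assumes Codeberg noreply addresses have the form `<username>@noreply.codeberg.org` (an assumption; use the exact address shown in your account's email settings) and that `gpg` and `git` are installed.

```shell
#!/bin/sh
# Added example, not code from the issue thread or from Codeberg/Gitea.
# Goal: sign commits with a GPG identity whose email is the forge's noreply
# address, so neither the commit author field nor the signature's user ID
# carries a private address. ASSUMPTION: Codeberg noreply addresses look like
# <username>@noreply.codeberg.org; check your account's email settings and
# adjust NOREPLY_DOMAIN if it differs.

NOREPLY_DOMAIN="noreply.codeberg.org"

# Succeed (exit 0) only for an address on the noreply domain, i.e. one that
# reveals nothing private if it shows up in the commit, the signature or the UI.
email_is_noreply() {
    case "$1" in
        ?*@"$NOREPLY_DOMAIN") return 0 ;;
        *) return 1 ;;
    esac
}

# Print the parameter block for unattended key generation
# (gpg --batch --gen-key reads it on stdin). A signing-only ed25519 key is
# enough for commit signing; gpg asks for a passphrase via pinentry.
gpg_batch_params() {
    printf '%s\n' \
        'Key-Type: EDDSA' \
        'Key-Curve: ed25519' \
        'Key-Usage: sign' \
        "Name-Real: $1" \
        "Name-Email: $2" \
        'Expire-Date: 1y' \
        '%commit'
}

# Point git at the noreply address and the key. Refuse any other address so a
# private email cannot slip into signed commits by accident.
configure_git_signing() {
    if ! email_is_noreply "$2"; then
        echo "refusing to configure: $2 is not a $NOREPLY_DOMAIN address" >&2
        return 1
    fi
    git config --global user.email "$2"
    git config --global user.signingkey "$1"
    git config --global commit.gpgsign true
}

# Full procedure: the reporter's step 1 (key with the noreply identity), the
# git side, and the public key to paste into the forge for step 2. Only runs
# when explicitly requested, because it creates a key in your keyring.
setup_noreply_signing() {
    name="$1"; email="$2"
    email_is_noreply "$email" || return 1
    gpg_batch_params "$name" "$email" | gpg --batch --gen-key || return 1
    # Fingerprint of the first secret key carrying the noreply address.
    fpr=$(gpg --list-secret-keys --with-colons "$email" | awk -F: '/^fpr:/ { print $10; exit }')
    [ -n "$fpr" ] || return 1
    configure_git_signing "$fpr" "$email" || return 1
    # Armored public key: this is what gets added under the account's key settings.
    gpg --armor --export "$fpr"
}

if [ "${RUN_SETUP:-0}" = "1" ]; then
    setup_noreply_signing "${NAME:?set NAME}" "${EMAIL:?set EMAIL}"
fi
```

Run it as `RUN_SETUP=1 NAME="Your Name" EMAIL="you@noreply.codeberg.org" sh setup.sh` and paste the printed public key into the account's GPG key settings. The `Name-Email` in the key's user ID is what the forge compares against the account's addresses when the key is added, so it must be exactly the noreply address the account shows; with `commit.gpgsign` on, every commit from then on is authored and signed under that address and nothing private is left for the UI to reveal.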
6543 commented 2 weeks ago
Poster
Collaborator

@hw maybe worth an own section "privacy" in https://docs.codeberg.org ?

@bohrium272 it should work ... I'll test
6543 closed this issue 2 days ago