Trusted sign will be untrusted in forks #12146

Open
opened 2025-11-02 10:00:06 -06:00 by GiteaMirror · 5 comments
Owner

Originally created by @yp05327 on GitHub (Dec 4, 2023).

Description

Is this correct or not?
image
image

Gitea Version

latest

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

gitea.com

Database

None

Originally created by @yp05327 on GitHub (Dec 4, 2023). ### Description Is this correct or not? ![image](https://github.com/go-gitea/gitea/assets/18380374/82503cee-ffd2-410a-a0ca-df2f7125ff0f) ![image](https://github.com/go-gitea/gitea/assets/18380374/cdfb27c0-b637-4840-9633-3569c8a53d2a) ### Gitea Version latest ### Can you reproduce the bug on the Gitea demo site? No ### Log Gist _No response_ ### Screenshots _No response_ ### Git Version _No response_ ### Operating System _No response_ ### How are you running Gitea? gitea.com ### Database None
GiteaMirror added the type/bug label 2025-11-02 10:00:06 -06:00
Author
Owner

@yp05327 commented on GitHub (Dec 4, 2023):

It seems that it is correct.
As if I add lunny to contributor list, it will be trusted.

@yp05327 commented on GitHub (Dec 4, 2023): It seems that it is correct. As if I add lunny to contributor list, it will be trusted.
Author
Owner

@yp05327 commented on GitHub (Dec 4, 2023):

Different untrusted info:
image
773215fa9e

And this is correct in the origin repo.
image
773215fa9e

@yp05327 commented on GitHub (Dec 4, 2023): Different untrusted info: ![image](https://github.com/go-gitea/gitea/assets/18380374/3240d3e2-a804-4fe8-911e-07d3c6f8a9c6) https://gitea.com/yp05327/blog/commit/773215fa9ea01d010d09aafc88607ddcebd93f58 And this is correct in the origin repo. ![image](https://github.com/go-gitea/gitea/assets/18380374/3922fc86-adce-4846-844c-bdc22e611404) https://gitea.com/gitea/blog/commit/773215fa9ea01d010d09aafc88607ddcebd93f58
Author
Owner

@JakobDev commented on GitHub (Dec 4, 2023):

Why does it even check, if someone is in the Repos contributors list? Should if just check, if Name/Mail and signature match with the Gitea Account?

@JakobDev commented on GitHub (Dec 4, 2023): Why does it even check, if someone is in the Repos contributors list? Should if just check, if Name/Mail and signature match with the Gitea Account?
Author
Owner

@yp05327 commented on GitHub (Dec 6, 2023):

Maybe this is a bug. I will try to figure it out.

@yp05327 commented on GitHub (Dec 6, 2023): Maybe this is a bug. I will try to figure it out.
Author
Owner

@yp05327 commented on GitHub (Dec 6, 2023):

09d5028442/models/asymkey/gpg_key_commit_verification.go (L497-L523)
It seems that this is by design.

@yp05327 commented on GitHub (Dec 6, 2023): https://github.com/go-gitea/gitea/blob/09d50284422aa70af47c77e20b65b9f5c5e32c13/models/asymkey/gpg_key_commit_verification.go#L497-L523 It seems that this is by design.
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/gitea#12146