[META] Publish PGP key for signing releases #2010

New Issue

Closed

opened 2025-11-02 04:21:07 -06:00 by GiteaMirror · 8 comments

GiteaMirror commented 2025-11-02 04:21:07 -06:00

Owner

Copy Link

Originally created by @paulcmal on GitHub (Jul 5, 2018).

Description

I couldn't find the PGP key 8C4033A23895237CB27D52D9D9B5613BEB813F99 that signs the releases. I've tried many different keyservers. I've even tried importing the keys you use in the tests on this repo, but they're not the one :)

After giteabot compromission, someone already suggested that you publish your key. They were given an answer that it would take place before 1.5.0.

I just thought opening an issue might help remembering about it :)

Thanks for maintaining Gitea <3

Originally created by @paulcmal on GitHub (Jul 5, 2018). ## Description I couldn't find the PGP key `8C4033A23895237CB27D52D9D9B5613BEB813F99` that signs the releases. I've tried many different keyservers. I've even tried importing the keys you use in the tests on this repo, but they're not the one :) After giteabot compromission, [someone already suggested](https://github.com/go-gitea/gitea/issues/4167#issuecomment-395601062) that you publish your key. They were given an answer [that it would take place before 1.5.0](https://github.com/go-gitea/gitea/issues/4167#issuecomment-395602068). I just thought opening an issue might help remembering about it :) Thanks for maintaining Gitea <3

GiteaMirror added the type/docs label 2025-11-02 04:21:07 -06:00

GiteaMirror closed this issue 2025-11-02 04:21:07 -06:00

GiteaMirror commented 2025-11-02 04:21:07 -06:00

Author

Owner

Copy Link

@techknowlogick commented on GitHub (Jul 5, 2018):

@paulcmal Thank you for opening this. I've just uploaded the public key to a well known key server: http://pool.sks-keyservers.net/pks/lookup?op=get&hash=on&fingerprint=on&search=0x2D9AE806EC1592E2 (or if you prefer the MIT key server https://pgp.mit.edu/pks/lookup?search=0x2d9ae806ec1592e2&op=index ).

@techknowlogick commented on GitHub (Jul 5, 2018): @paulcmal Thank you for opening this. I've just uploaded the public key to a well known key server: http://pool.sks-keyservers.net/pks/lookup?op=get&hash=on&fingerprint=on&search=0x2D9AE806EC1592E2 (or if you prefer the MIT key server https://pgp.mit.edu/pks/lookup?search=0x2d9ae806ec1592e2&op=index ).

GiteaMirror commented 2025-11-02 04:21:08 -06:00

Author

Owner

Copy Link

@paulcmal commented on GitHub (Jul 5, 2018):

I've just uploaded the public key

Sorry but i'm a bit confused. Is this a different key than the ones that were used for 1.4.3 and 1.5.0-rc1?

@paulcmal commented on GitHub (Jul 5, 2018): > I've just uploaded the public key Sorry but i'm a bit confused. Is this a different key than the ones that were used for 1.4.3 and 1.5.0-rc1?

GiteaMirror commented 2025-11-02 04:21:08 -06:00

Author

Owner

Copy Link

@lafriks commented on GitHub (Jul 5, 2018):

It's the same key. Seems to be working just fine for me:

$ gpg --keyserver pgp.mit.edu --recv 0x2D9AE806EC1592E2
gpg: key 2D9AE806EC1592E2: 1 signature not checked due to a missing key
gpg: key 2D9AE806EC1592E2: public key "Teabot <teabot@gitea.io>" imported
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: Total number processed: 1
gpg:               imported: 1

$ gpg --verify gitea-1.5.0-rc1-linux-amd64.asc gitea-1.5.0-rc1-linux-amd64
gpg: Signature made trešdiena, 2018. gada  4. jūlijs, plkst. 00 un
gpg:                using RSA key CC64B1DB67ABBEECAB24B6455FC346329753F4B0
gpg: Good signature from "Teabot <teabot@gitea.io>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 7C9E 6815 2594 6888 62D6  2AF6 2D9A E806 EC15 92E2
     Subkey fingerprint: CC64 B1DB 67AB BEEC AB24  B645 5FC3 4632 9753 F4B0

@lafriks commented on GitHub (Jul 5, 2018): It's the same key. Seems to be working just fine for me: ``` $ gpg --keyserver pgp.mit.edu --recv 0x2D9AE806EC1592E2 gpg: key 2D9AE806EC1592E2: 1 signature not checked due to a missing key gpg: key 2D9AE806EC1592E2: public key "Teabot <teabot@gitea.io>" imported gpg: marginals needed: 3 completes needed: 1 trust model: pgp gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u gpg: Total number processed: 1 gpg: imported: 1 $ gpg --verify gitea-1.5.0-rc1-linux-amd64.asc gitea-1.5.0-rc1-linux-amd64 gpg: Signature made trešdiena, 2018. gada 4. jūlijs, plkst. 00 un gpg: using RSA key CC64B1DB67ABBEECAB24B6455FC346329753F4B0 gpg: Good signature from "Teabot <teabot@gitea.io>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 7C9E 6815 2594 6888 62D6 2AF6 2D9A E806 EC15 92E2 Subkey fingerprint: CC64 B1DB 67AB BEEC AB24 B645 5FC3 4632 9753 F4B0 ```

GiteaMirror commented 2025-11-02 04:21:08 -06:00

Author

Owner

Copy Link

@4oo4 commented on GitHub (Jul 8, 2018):

@lafriks This is only applicable to the binaries and not the actual git tags. I know you mentioned that the release tag signature depends on who the merger is, and "Github magic" (so more complex than the way the binaries are signed/verified), would it still be worth looking into being able to verify the git tags for those of us that build from source?

The binaries are obviously priority, but this would still be really nice to have for the source. I know that I'm able to do that with Bitcoin Core git tags, but it looks like they have only one person that signs the releases. Perhaps if there were a list of the user's keys that would be making releases, we could verify off of that?

By poking around the Github API, it looks like it's creating subkeys that are tied to something (either the Github account or the user's uploaded GPG key), but I can't figure out how to get a valid GPG key from it to verify what Github shows. I'm hoping that someone who is more familiar with Github (especially the API) can clarify what happens with signatures when doing a Squash and Merge and how to grab the right key.

Here's my attempts to try that:
For the most recent tag v1.5.0-rc1, we can see that according to Github the release was verified with key AECE216D007B1CCC, associated with @lafriks. When I try to retrieve that key (curl https://api.github.com/users/lafriks/gpg_keys), I get a base64 blob that is associated with that ID (in addition to key ID DFDE60A0093EB926 which appears to be one that was actually uploaded):

[
  {
    "id": 218891,
    "primary_key_id": null,
    "key_id": "002E9FFD10C56403",
    "raw_key": null,
    "public_key": "xsFNBFmv4asBEACtYpKTi3WeKvZL4vNhpGJ/66+GIW6S+n+Hct3XNH+25Gy0b91r4rH7eEkgERwn9cvYsLKop67N9nTTCUz4CM6RAWIYXEp9+/cU/h2hMs7rt3BmqGJA+8GHBmPsXDOJqBFiF0xOejgoQNw3FeS8WZ4VfJgX8z/dFwyeGHfPXk4TL+DN0li9T7gG96CEAQqu7AeXNVoO+Gw+sSC7pn4+lviXH9lsqO6pTPHIJs2N3MxuXhW2Tn3UldYhsTwWbv8cxPjPzRWgIVEAptNQmX7e0AW1qyCT8uuM7k8j1hb1o71q07tVgeE/xUGTByq0ngzDqwllr+oJ0gL+bZu9wr3aUf+VYn2VQS5CpaK3+Lc7A0qcsovWaKHQljqr5/T2vlLVuUQ5ZlIaimv0N5+j4NJixKtF2vGbdx6VjMvw28Eu88Cxn6j0SM999v6QfUNnYuThhQAnSVSQQX6n0MJQWrSfeB2JxElxCTZUv1H0j2vwdqaC8UrAQo5q/QvPXIWNbiylmrgHfndpwy4DLwOV1+v9wsKq7Xlit8bfrh3PnNT5VYXcriUgmPkX7AgalUWW7eU996VyTRT6kARsea//4lPxyVbmKsbhbATPh9dqSScOoeo4tReJ6Xfkc9/IRqhXMAWPWCyeR769HRK5SNqBvFt2SP6n+UAZjftqMpV5JY1ewSqA0wARAQAB",
    "emails": [
      {
        "email": "lauris@nix.lv",
        "verified": true
      }
    ],
    "subkeys": [
      {
        "id": 218892,
        "primary_key_id": 218891,
        "key_id": "6E25973C4BACF28D",
        "raw_key": null,
        "public_key": "zsFNBFmv4asBEADRfJDkCFCey4pCM7OD5C+6Gp9racCyC2MwPr7/YJ5DtB5pEHCOU8UB9S2vMEYExj1isUGKQ5G1sZFumXJa0ZxOdpxHwhAcv4K5hA8dRG4ox5HQpfdweDrsRUBKSp6yZCWiqBDc7213sRkH91tzgPjEQs+XWp6GnudAwH/kVwMtbnIoP8EyxP++sYeMysPyEDDXE6rHUVVqgh8zSdkrQ4W56FxrJe68usihZwAztPMz5D0eGFpOMftFcrAFSY4tXfwKKH8oZUe1yo2L1EMOQftZdoz1aS4JCjFKKxxT1TWoQ1CxLYKLGbQicSxEl1PaMfIrQBC6TVV8i8p43A2Cva/IiIfHwdkMd97bauWyFng14HYnXx8jJpmdPDps6pHrNEjAcC8gkBkN8BizjnfbLGbNyYfREVrz0UzehhjBPFxgdba2dpjsDAkQPqMu/gX+A8vUWSaRe9TKajDtoMNzPFn6xfxwY1U9eyhEU8xmUAU1B2s1JkEyO+0g4n+UxtZ0qwJtp6jWlHmZNzocQO82SzODaytvzs3keeEiw/CYwr6D9Nov1SZ65FO39Z6PngQpXeZKufiy8iDKDRDckPp41pT+cHt+yFPHrA7BEw3wWJQwJOmPWB9WOSvZ4t62CTQDhCEDq++uWfohJmbigmNw8+em34K94e/TjOQd5a023I7bhQARAQAB",
        "emails": [

        ],
        "subkeys": [

        ],
        "can_sign": false,
        "can_encrypt_comms": true,
        "can_encrypt_storage": true,
        "can_certify": false,
        "created_at": "2017-09-06T11:54:43.000Z",
        "expires_at": null
      }
    ],
    "can_sign": true,
    "can_encrypt_comms": false,
    "can_encrypt_storage": false,
    "can_certify": true,
    "created_at": "2017-09-06T11:54:43.000Z",
    "expires_at": null
  },
  {
    "id": 176869,
    "primary_key_id": null,
    "key_id": "AECE216D007B1CCC",
    "raw_key": null,
    "public_key": "xsFNBFkIzMIBEADUCYRw3yXiCkzxYXWKh1xsYTU04w77VKs7psquG+LYSjl5juuavJzHKniaMMTCyMWpvslmC2ke+udY6nCAcm7lW+vaNo2eABjC9GTPjeuYkV/RpJy9V8ituo0o4NXdD+ekQaTqgSdutRMoUF+60obD83QNJxz0vOrHatESZlcFjKYDo3MVbT+Cy/9lgf2Osc7gx825vvuN75IvsUVb1BXdm3D7SGW3jTy62KCJzvOXX33UdxKN/zehRFM0qk36Iwr8Dmp8HaAhNXJ3MgzzN20kdA6MFhW8MsZmYVJVih/svA9BL+4EDE5u4bxsC3dSDbJpksWi1OTebvdl0P8gIEirpLsbfftvu89m7sm3JIWW3jj69SQjbAScNOlSm1hSxWSV6m0pSLZhG1cxcXR9AtW9SMOkgDc2/9mwocYmvqLD7GBOK/iV4Q0SchnNZZEHxXjxoHIfmsTingYqdU0GjDdsJcPKsLa2Sw+0jBQ/IfbaUH8gbUtiCkukSqR6rUGwkER8k8Ncamn1i3TlVNd7T2qF4i/dmaoAbCw3TNp5Uvp5pHITydHi352B9ntfQ4QXK62FP3XgMV1txVxEXt5rDhj8u/H5t34UK2v4xhI6VtCQQ1ewoTDrvpRX5nvlSfbRWsO3zV8Dc9s+lBOpe+ZBBT50xO+NHlk5fOz/JNYS4H7muQARAQAB",
    "emails": [
      {
        "email": "lauris@nix.lv",
        "verified": true
      }
    ],
    "subkeys": [
      {
        "id": 176870,
        "primary_key_id": 176869,
        "key_id": "103A91F0FF9869DA",
        "raw_key": null,
        "public_key": "zsFNBFkIzMIBEACyZuaertUVhqEnM+J1IW3iplTNIk8oZ4W4p34a9EIkjPK4E5U4Fqy6qQJA0xfGQQJKdxL/NNLcZT//2KKKf7tynMLGHQQzmfqUEmNuXxhaqfl5xs6qoXhRntq/0zmAPLUQ17kYqSFeICaBRf9B/EK76qx+oWK/cXPkhASK3xhYx0YpxZHpiEu5RcsuKEbjU2hFNWP3hGqqSVG9WBIvF+Sr+qzyqTpBMjcB5uq2jnxuOjHae64LmjpcxsmyrRM7qfxOKHZwA2yDNuCqBVIwUpraINREUUmZcKGMgiRaWEzEZ5nQYqa8sVIzwu2Dfw6rmUGX+HO4/KQ7RYE8h/5ASCA9WcsaIjeYhCLIENKyQ3mn3irsL/tA82/Ns5mJQmQkTu1QM0njAPcb2iMlCoTme6+GvUGji6pnxUDi/UTqqLGfmitq1kV11nfZoE3ETs5Ae5yv9Drw3Ag5LjqVIUKGo5f0ewSSk/UWG8MDdiN5RcZQDQHT+Prfe0iQm0+cieLc3X6HMQv2ygCIT8MCD0YSljftUjnal8gdGkGMMvYWmldkVgCAJwSfyb1mVjCG4EWJ8wNq3I+lVxX8dJ4iqlBJy07ZUT97T5RFMekWNkVW25iSvtugTXLwKAnEVBIdk2+GhyRL+FweKcgBxGHCzs3DY1UnQ07xO2GGjqJdPgQeIuYhEwARAQAB",
        "emails": [

        ],
        "subkeys": [

        ],
        "can_sign": false,
        "can_encrypt_comms": true,
        "can_encrypt_storage": true,
        "can_certify": false,
        "created_at": "2017-05-02T19:33:15.000Z",
        "expires_at": null
      }
    ],
    "can_sign": true,
    "can_encrypt_comms": false,
    "can_encrypt_storage": false,
    "can_certify": true,
    "created_at": "2017-05-02T19:33:15.000Z",
    "expires_at": null
  },
  {
    "id": 389730,
    "primary_key_id": null,
    "key_id": "DFDE60A0093EB926",
    "raw_key": "-----BEGIN PGP PUBLIC KEY BLOCK-----\r\n\r\nmQINBFs/sX8BEADFRdCf86KpGFpH65AijPqy368VLL4tmCBSiQBDzOGMSPxfZhVG\r\nkWKVMV1a0yGGxr6gugO3lnsuhvVTgjeVisVd/O29zzwtF/XCECkZ7qNqcrbqzwJG\r\nl6jcNTq0jkKd3gvPljAm5QJhx5zhSM6oVtvwjVW+sGQ9M0Wg5rd8YaeoO0Nu/ScQ\r\nNjVgP07WikwgUEDtSnAbBn1WfYXEnC799n0jWAwxg1VrNJjiBqjfYIoQJzUl1wZG\r\na8CaZCAg9QOuAiYFKj+rvzffJzl46uk1QLH2xD+5LKsH2HJ/7NJaGVYP8Kk9g8Ed\r\nD34ClLkI2WmsTMeQJ9AWu0dHjgyKh8J1P5L7CUqCnCmtocUm3TI8Fn9SZ8o+f9SU\r\neASt7EGXRsxj4rR6Pp5akKBssnXSM0OzKbZ5jWhjtm3ow8Zfu9O2aFDs9R7Mn6Ec\r\nfKCTozfHtweQhl/qrkxgOHuns6ncEfoucPq0mbE58EsCf4v8GhKns7/oGWnIKlt8\r\nTGroiej/Xev8JEdvXyxYhx7yPmwk5ivUIC/3bMK+oESlvZCamRhg4H+A0mWrqkPD\r\neqBiuK7PvuGWY1+cZ1uL2wV81ymOfmjNq87GHvOfT4QhY9AIOl2B5iNkPutnzGGK\r\ndXoAhX8sCvkSKt9La5xR5GDbAiZaz0fznyz0osn+v6l7J44pKRvce+7XmwARAQAB\r\ntClMYXVyaXMgQnVrxaFpcy1IYWJlcmtvcm5zIDxsYXVyaXNAbml4Lmx2PokCTgQT\r\nAQoAOBYhBNj5Zy13wLtgoCTCPt/eYKAJPrkmBQJbP7F/AhsDBQsJCAcDBRUKCQgL\r\nBRYCAwEAAh4BAheAAAoJEN/eYKAJPrkmVY0P/RE4jPWzj1UE2jklLfqdwSPCBNgk\r\nG4C7MrmZqrDvhrGOHFmTnP6FH0++vnTCXILg8n8t1+5ZfDpf2qNTSuEZUyTFpOD6\r\nNzI4rjY2+fm5u1QYg+I/5S4y1YBnEk1AEhWpwPu0u3LnQD2GmL1S29MW8z+nJ8Wk\r\n44koM8hD3HhFZHdOV+7PxjsXj+kgn0uzaBegMV/VGRlUubf9QI6oXLY9qggBfovk\r\nzXDEPYyEDbonwLGe3AV/Tj8Esb/w5VZNQQmwh02NXi1QcnlssJGlx2i83Rt63UKN\r\nDQ4qB97KxfZUCmWoqIrHq6bJBQzVasW7kOnBxcQmFfCyfJM4QiewGkPMJt3+2xLy\r\nVBHjYK+PjllRrF0eaESkIOKiIZ6l49flau8pBPUIqKvF0I9TLPGsaDC0j71sX2M3\r\n7GBZeScUhlplvrUgox8airfvhu+J/EWSEPcMQ05rTUcIit4EI+2x3AlAQOg4gmXs\r\n8XHtL8eb/zVS2Ygv8EU5ijCxdnAKkFP/tUgn7LOE6KiAvXkD697sj9VhWpkn96RT\r\nmPSSYPQGvPGoA9GhBayBwpH27HU1OsDXGuAxtaYYVmihQ9fJW6decbI3gv53pHNM\r\nEt2nHJdQfiixWKb6kwv8DDhxWz+l2FxWJwnu8J1sTYV1lCLGsKrEpoDbqUuLDvcw\r\nC68OlO+YiQtt/Zo/uQINBFs/sX8BEADCJ7F16Nqlku7KEwpA0Hhvyd3PZBn0NrkT\r\nthTWkFfvW7Cpl5eDXGQU2HvfphPI2QUgr2EU6QwHrSeFgox14wMp1Js8X+Zts7V1\r\nnGZGjcHOEstrdeltNfAsPwPs4QWzoe9vC2aVMUNnnXQcAaew7ZDzmwP8Nvx0wcK9\r\n7hMZ/TUr7/WxA1ZN0Nx8npMQjr+LIZgi8Im8xEVihAX/0VdLXRW/nqXeNmye0ZT/\r\n8sQYYzFlyNB2/6ruWAdaRG+aDq3GWdw0LxH0mnZ4AF13su4vdWXBDASXCwwe8m0R\r\ndogdWp9zPEmH35TuVUI2O5pg/XJHDCId/KIno74RUjqTDGbrCiYrAUrmxwSRsTup\r\nl+kIMLRxXJ6/iCm5ejY9NyefmqSdgUjy9nxBFry1s+CMIh77bb0oHsJBXriT48ey\r\n4J3KqnShV6k1YeXqO1InoxPHN5JKLmvyPuXU91daADEI0h2v8HMIxgVAeMtmw0HW\r\nvEqeCxlJZFaKjC+vOZDhrBk6B5Sru7y0HxzSwzCm5YGIQf1ITuCOMwKLlnJEebAL\r\nutHB7wQ+VanXWaWh3GLRnc1zRga/6hjuEum8eI9ul3+UxRof2wxFyzk1ZILZiR54\r\n6+LdRVDL4HW+L3+eSRoH08YvSfQaX53M0KHnBgblxZTaNomdGmhPubfwWjiudN7Q\r\n080GumkkcwARAQABiQI2BBgBCgAgFiEE2PlnLXfAu2CgJMI+395goAk+uSYFAls/\r\nsX8CGwwACgkQ395goAk+uSbR+Q/8C301DLy2uzCdwhSxQ6BijnKplwCx81iwPMGn\r\n0pYHHu9WT2zfeRzSCTL916ghvEYUuPwqGPC4puPj8ChVHpJ7o/axDl6xK9MgzKtg\r\nlSr+3Az4eS6HLrpub7GlsL4bRu7pr17whFUnIpKzOSwA3nDDu3AuCibTb0rhlcFf\r\nqDixE98oIJDbN4AkketAl2uWkQVb0nwRTIqeA44NCjDj2/btVE/hAKm++Sj9Lky6\r\nqGM8ilblGIR8gAYbf5AffJ3muAK1Ex/zQY4dBjB247EPSl7dL9r3Y0Uh+SxWgZV5\r\nRkXhZlO8U+SxCN2oOiEDpC2rpxAkEJVxD1OH8Vm20hkBjbVaSdPK6z6NJPqV3iZn\r\n5p2+umm6+OBDDr49VkdkbK3jS+tq2VCnehrOcR8S6kqnzdZIB5JNTlW3j5PKRJjA\r\n9g8TvFr/7zv++atLxq0o+XynXj2IeeqOOrrWt3l9myFBhi7QF2/Z0GwwZutZNWgk\r\nrNCHtcM20nGaJh7LK5Dmk84XW0pXQHqNRhsz9tcLdx97wsj56ffIxuJyFYwxvCEp\r\nfK1GH47G79a+rADm0b4jmNCwcl6JPW18lp8SKGjSXkr44YxKo4JgJTYzAD4dlIe1\r\nXCc73exgkYyQ/d2s9R4jcn9gpd+wvTJGkO21x1ACYS/GX+bcLBCMGxSHwU7Xkg26\r\nIeEXflu5Ag0EWz+3AAEQALcHqoeqxe8uLktgcWjQxHsvOaxFt2nfBjPRIIoM5pn/\r\nO1enEQNhTU5BlwnkTdt+KY+vZItrXFdGOekMg6zJzeQrfkCxebRiEcDslvRUBeS0\r\nfFDCbnKnycM2EgGn8zSyIa6aCBJ0cxbwl7cDgucl0+68td8zhNmCuaeVVaRK07Qa\r\nQs3s4EgiMYMRtfmQU2Q1VW9kb1rcF2H6dRtzHmhlKlkJllRUxYVMs93qFF+EP409\r\nWgg7gua8NEkhvNkd2Ps6a4Cn+SirXuqYAbGT5LyWlN+DtFVo4U2sDVfUT3F++vAE\r\nzHo3HbRtF7GmbMermgodJDfUm7F1BDnbBfGoPlWHKwWtdJgv9ApTJi7H92EyfUTJ\r\n7QkmxKtCNNX+gVAhT0g/rkN/BaAqBChtyjQdp4R0OytELZRrLUj5srhHOpyR1ljG\r\nfU81Un3wGqhjo8jfC6/ZIj0eeaiJPkza6XTX0nO3RciHKTtABVSwfF+2WXZy0iky\r\nPbbe1NVzBLn6RBNyZ/rpYxaDWnuXnv1ngwRFqsl81JYTztYug3GjIDOfLaTG9DcQ\r\nyWpdxogkivlQK4FHTToIoWRvjRDZZfsDd8N+iDQ+K9C8CNffm8X46m78idO1OyZt\r\nt9TWtGrnjpSQql97rLcKUbBqiiS2w3QZMmdCT2/g7rtTUvNUMTYuhFsk7Ntk+OS9\r\nABEBAAGJBHIEGAEKACYWIQTY+Wctd8C7YKAkwj7f3mCgCT65JgUCWz+3AAIbAgUJ\r\nAeEzgAJACRDf3mCgCT65JsF0IAQZAQoAHRYhBB5Hg0u1qPH3nMXqW2mL2ZGxSeqV\r\nBQJbP7cAAAoJEGmL2ZGxSeqVdPwP/25MY9rBbN6hUvVbTktmaVmLxnP1I3LEsAUP\r\nLnHNGCT9rB/OiQRK6lZ+9rEEHoCjvaNKwOe079KbE0EroSn1uamvO1R+4RFdZZ3g\r\n8994GaI6PgKHUIsiUuPTQyT3bQMhlPsPsjGLkkM37JslYMT3QefJVC7hudbXRBuT\r\nmLbV4oICLY/GVKQDv3jjqQ3uTtcEC1hOoFgVBz7R/mZKMdqTYrIts9HVqOp/n1UL\r\ndB6YXYE0xklT0bfE6RHtcqffbB+oShQmgjUngW9CZRm2+yOh+fWzbTOynHrCj2c6\r\nxSOHCRigdkjItO4LenWJtvThW8p25P2w6TAQJFzk1G/pzJDrdrDk+QbEa325dXdg\r\nx8gCbzB1COXgZkIKgDUIi3SwMBZfwY+Nc9E3oWuPTqcj/YboD3UMLiERz4pXSIC9\r\nT40O22hr5EEPfiphL0221OZ3GOOYBf5CflpWQwMtXEFRzkQov8Uy6P/D0L8yFCK5\r\nDn20g88z8GFugN+Cy2F+CJ1Gs3GUh/foRUMpvIc58ZVLSeFJs6F+iCYtql9iqulV\r\nWYXYahcFBK2Fm++M2tnV8BOxJaLUrsv0mfw8Xd3NJcbDexDJnZWZysJfFPhbxsrV\r\nnWaYev84oIbvogZ/fYGWMR7ZMA7KZXnGFSUngEEelm10V1vDBBSA+WlarQcMNEGD\r\nOFT5CjKHFGkQALvYNSswR76zX9SVkYcnYQJwSce5M9Le5UnDnJqozlofaxwVTfME\r\n8MjZsRVjuW2MVIGTsmfBd+HK+0gmcwBWurvNcB6yLCqXDNV3qAREykdwKNGqY9hF\r\nsjSg+TXCyQkvT5PZKsX2NLeBWSfG0j0Lek0HrhRZbXjrwo6BZU69gmoornQIQxjt\r\ndyzn8sGG5EQq+myHZ2lpQcLqsZd7EwvDbCURrY3Xdpw/LT4fMtGgl+IR2yvPkBLV\r\neiVxIj3PyDZhluqkFFqV4oZ0WsujTzwTrBX8+TqeS3GSVwaZicziUgha8zIsDWLq\r\noGHDAdMICaeGri1I/AHOhBxDQNQMgkQ+YB+PArBQCwbWQw769hmYaSSNGX8iqSVz\r\n9vHDhsqJZuFc94iJ8xwIHgTVOr8PaAfryzlrGQ6y4BZDLqH3OemcTwUMWsoqDhir\r\nV7Z/LnByLAtLURqNhVeY63RmAj8lba5+BUXeY5yWKx4t60C7+P5M1rjMC2ebkaQT\r\nb/N971BZrJlqvNmBEZTVjwDnx4BbCkdKDUsxsJvcrDe7WyguVkkNvNChEqcKdilj\r\nEpFnkFSUrOpEKoNxb7xlJivFanT46paxebfRSMKljG/H2a2KI4bw8TZJY/kOZNWf\r\nVa8v1ZDytzI+w+6D0U4j62Cj5KuUjQ6RiJj9WagMhr/jC/2dffz03ysA\r\n=UqMk\r\n-----END PGP PUBLIC KEY BLOCK-----",
    "public_key": "xsFNBFs/sX8BEADFRdCf86KpGFpH65AijPqy368VLL4tmCBSiQBDzOGMSPxfZhVGkWKVMV1a0yGGxr6gugO3lnsuhvVTgjeVisVd/O29zzwtF/XCECkZ7qNqcrbqzwJGl6jcNTq0jkKd3gvPljAm5QJhx5zhSM6oVtvwjVW+sGQ9M0Wg5rd8YaeoO0Nu/ScQNjVgP07WikwgUEDtSnAbBn1WfYXEnC799n0jWAwxg1VrNJjiBqjfYIoQJzUl1wZGa8CaZCAg9QOuAiYFKj+rvzffJzl46uk1QLH2xD+5LKsH2HJ/7NJaGVYP8Kk9g8EdD34ClLkI2WmsTMeQJ9AWu0dHjgyKh8J1P5L7CUqCnCmtocUm3TI8Fn9SZ8o+f9SUeASt7EGXRsxj4rR6Pp5akKBssnXSM0OzKbZ5jWhjtm3ow8Zfu9O2aFDs9R7Mn6EcfKCTozfHtweQhl/qrkxgOHuns6ncEfoucPq0mbE58EsCf4v8GhKns7/oGWnIKlt8TGroiej/Xev8JEdvXyxYhx7yPmwk5ivUIC/3bMK+oESlvZCamRhg4H+A0mWrqkPDeqBiuK7PvuGWY1+cZ1uL2wV81ymOfmjNq87GHvOfT4QhY9AIOl2B5iNkPutnzGGKdXoAhX8sCvkSKt9La5xR5GDbAiZaz0fznyz0osn+v6l7J44pKRvce+7XmwARAQAB",
    "emails": [
      {
        "email": "lauris@nix.lv",
        "verified": true
      }
    ],
    "subkeys": [
      {
        "id": 389731,
        "primary_key_id": 389730,
        "key_id": "ECF9122A9ECF3A2F",
        "raw_key": null,
        "public_key": "zsFNBFs/sX8BEADCJ7F16Nqlku7KEwpA0Hhvyd3PZBn0NrkTthTWkFfvW7Cpl5eDXGQU2HvfphPI2QUgr2EU6QwHrSeFgox14wMp1Js8X+Zts7V1nGZGjcHOEstrdeltNfAsPwPs4QWzoe9vC2aVMUNnnXQcAaew7ZDzmwP8Nvx0wcK97hMZ/TUr7/WxA1ZN0Nx8npMQjr+LIZgi8Im8xEVihAX/0VdLXRW/nqXeNmye0ZT/8sQYYzFlyNB2/6ruWAdaRG+aDq3GWdw0LxH0mnZ4AF13su4vdWXBDASXCwwe8m0RdogdWp9zPEmH35TuVUI2O5pg/XJHDCId/KIno74RUjqTDGbrCiYrAUrmxwSRsTupl+kIMLRxXJ6/iCm5ejY9NyefmqSdgUjy9nxBFry1s+CMIh77bb0oHsJBXriT48ey4J3KqnShV6k1YeXqO1InoxPHN5JKLmvyPuXU91daADEI0h2v8HMIxgVAeMtmw0HWvEqeCxlJZFaKjC+vOZDhrBk6B5Sru7y0HxzSwzCm5YGIQf1ITuCOMwKLlnJEebALutHB7wQ+VanXWaWh3GLRnc1zRga/6hjuEum8eI9ul3+UxRof2wxFyzk1ZILZiR546+LdRVDL4HW+L3+eSRoH08YvSfQaX53M0KHnBgblxZTaNomdGmhPubfwWjiudN7Q080GumkkcwARAQAB",
        "emails": [

        ],
        "subkeys": [

        ],
        "can_sign": false,
        "can_encrypt_comms": true,
        "can_encrypt_storage": true,
        "can_certify": false,
        "created_at": "2018-07-06T20:34:39.000Z",
        "expires_at": null
      },
      {
        "id": 389732,
        "primary_key_id": 389730,
        "key_id": "698BD991B149EA95",
        "raw_key": null,
        "public_key": "zsFNBFs/twABEAC3B6qHqsXvLi5LYHFo0MR7LzmsRbdp3wYz0SCKDOaZ/ztXpxEDYU1OQZcJ5E3bfimPr2SLa1xXRjnpDIOsyc3kK35AsXm0YhHA7Jb0VAXktHxQwm5yp8nDNhIBp/M0siGumggSdHMW8Je3A4LnJdPuvLXfM4TZgrmnlVWkStO0GkLN7OBIIjGDEbX5kFNkNVVvZG9a3Bdh+nUbcx5oZSpZCZZUVMWFTLPd6hRfhD+NPVoIO4LmvDRJIbzZHdj7OmuAp/koq17qmAGxk+S8lpTfg7RVaOFNrA1X1E9xfvrwBMx6Nx20bRexpmzHq5oKHSQ31JuxdQQ52wXxqD5VhysFrXSYL/QKUyYux/dhMn1Eye0JJsSrQjTV/oFQIU9IP65DfwWgKgQobco0HaeEdDsrRC2Uay1I+bK4RzqckdZYxn1PNVJ98BqoY6PI3wuv2SI9HnmoiT5M2ul019Jzt0XIhyk7QAVUsHxftll2ctIpMj223tTVcwS5+kQTcmf66WMWg1p7l579Z4MERarJfNSWE87WLoNxoyAzny2kxvQ3EMlqXcaIJIr5UCuBR006CKFkb40Q2WX7A3fDfog0PivQvAjX35vF+Opu/InTtTsmbbfU1rRq546UkKpfe6y3ClGwaooktsN0GTJnQk9v4O67U1LzVDE2LoRbJOzbZPjkvQARAQAB",
        "emails": [

        ],
        "subkeys": [

        ],
        "can_sign": true,
        "can_encrypt_comms": false,
        "can_encrypt_storage": false,
        "can_certify": false,
        "created_at": "2018-07-06T20:34:39.000Z",
        "expires_at": null
      }
    ],
    "can_sign": true,
    "can_encrypt_comms": false,
    "can_encrypt_storage": false,
    "can_certify": true,
    "created_at": "2018-07-06T20:34:39.000Z",
    "expires_at": null
  }
]

I'm curious how the raw key format differs from the public key blob (perhaps the binary key, base64 encoded?). Does anyone know how you can take that blob and turn it into a valid GPG key?

If so, we could use that to verify commits for each maintainer. I'm probably overthinking it but thought verification would be simpler to do 😺

Cheers

EDIT: OK, that's definitely a base64-encoded version of the signing key. When I decode that to binary, I can import that into GPG but can't seem to do anything with it (nor with git verify-tag) The fingerprint does match though.

$ base64 -d pubkey.asc > binary.gpg

$ gpg --list-packets binary.gpg
# off=0 ctb=c6 tag=6 hlen=3 plen=525 new-ctb
:public key packet:
	version 4, algo 1, created 1493748930, expires 0
	pkey[0]: [4096 bits]
	pkey[1]: [17 bits]
	keyid: AECE216D007B1CCC


$ gpg --import binary.gpg
gpg: key 007B1CCC: no user ID
gpg: Total number processed: 1

$ gpg --edit-key 007B1CCC
gpg: key "007B1CCC" not found: No public key

$ cd ~/gitea
$ git verify-tag v1.5.0-rc1

gpg: Signature made Tue 03 Jul 2018 03:47:43 PM CDT using RSA key ID 007B1CCC
gpg: Can't check signature: No public key

@4oo4 commented on GitHub (Jul 8, 2018): @lafriks This is only applicable to the binaries and not the actual git tags. I know you mentioned that the release tag signature depends on who the merger is, and "Github magic" (so more complex than the way the binaries are signed/verified), would it still be worth looking into being able to verify the git tags for those of us that build from source? The binaries are obviously priority, but this would still be really nice to have for the source. I know that I'm able to do that with Bitcoin Core git tags, but it looks like they have only one person that signs the releases. Perhaps if there were a list of the user's keys that would be making releases, we could verify off of that? By poking around the Github API, it looks like it's creating subkeys that are tied to something (either the Github account or the user's uploaded GPG key), but I can't figure out how to get a valid GPG key from it to verify what Github shows. I'm hoping that someone who is more familiar with Github (especially the API) can clarify what happens with signatures when doing a Squash and Merge and how to grab the right key. Here's my attempts to try that: For the most recent tag `v1.5.0-rc1`, we can see that according to Github the release was verified with key `AECE216D007B1CCC`, associated with @lafriks. When I try to retrieve that key (`curl https://api.github.com/users/lafriks/gpg_keys`), I get a base64 blob that is associated with that ID (in addition to key ID `DFDE60A0093EB926` which appears to be one that was actually uploaded): ```json [ { "id": 218891, "primary_key_id": null, "key_id": "002E9FFD10C56403", "raw_key": null, "public_key": "xsFNBFmv4asBEACtYpKTi3WeKvZL4vNhpGJ/66+GIW6S+n+Hct3XNH+25Gy0b91r4rH7eEkgERwn9cvYsLKop67N9nTTCUz4CM6RAWIYXEp9+/cU/h2hMs7rt3BmqGJA+8GHBmPsXDOJqBFiF0xOejgoQNw3FeS8WZ4VfJgX8z/dFwyeGHfPXk4TL+DN0li9T7gG96CEAQqu7AeXNVoO+Gw+sSC7pn4+lviXH9lsqO6pTPHIJs2N3MxuXhW2Tn3UldYhsTwWbv8cxPjPzRWgIVEAptNQmX7e0AW1qyCT8uuM7k8j1hb1o71q07tVgeE/xUGTByq0ngzDqwllr+oJ0gL+bZu9wr3aUf+VYn2VQS5CpaK3+Lc7A0qcsovWaKHQljqr5/T2vlLVuUQ5ZlIaimv0N5+j4NJixKtF2vGbdx6VjMvw28Eu88Cxn6j0SM999v6QfUNnYuThhQAnSVSQQX6n0MJQWrSfeB2JxElxCTZUv1H0j2vwdqaC8UrAQo5q/QvPXIWNbiylmrgHfndpwy4DLwOV1+v9wsKq7Xlit8bfrh3PnNT5VYXcriUgmPkX7AgalUWW7eU996VyTRT6kARsea//4lPxyVbmKsbhbATPh9dqSScOoeo4tReJ6Xfkc9/IRqhXMAWPWCyeR769HRK5SNqBvFt2SP6n+UAZjftqMpV5JY1ewSqA0wARAQAB", "emails": [ { "email": "lauris@nix.lv", "verified": true } ], "subkeys": [ { "id": 218892, "primary_key_id": 218891, "key_id": "6E25973C4BACF28D", "raw_key": null, "public_key": "zsFNBFmv4asBEADRfJDkCFCey4pCM7OD5C+6Gp9racCyC2MwPr7/YJ5DtB5pEHCOU8UB9S2vMEYExj1isUGKQ5G1sZFumXJa0ZxOdpxHwhAcv4K5hA8dRG4ox5HQpfdweDrsRUBKSp6yZCWiqBDc7213sRkH91tzgPjEQs+XWp6GnudAwH/kVwMtbnIoP8EyxP++sYeMysPyEDDXE6rHUVVqgh8zSdkrQ4W56FxrJe68usihZwAztPMz5D0eGFpOMftFcrAFSY4tXfwKKH8oZUe1yo2L1EMOQftZdoz1aS4JCjFKKxxT1TWoQ1CxLYKLGbQicSxEl1PaMfIrQBC6TVV8i8p43A2Cva/IiIfHwdkMd97bauWyFng14HYnXx8jJpmdPDps6pHrNEjAcC8gkBkN8BizjnfbLGbNyYfREVrz0UzehhjBPFxgdba2dpjsDAkQPqMu/gX+A8vUWSaRe9TKajDtoMNzPFn6xfxwY1U9eyhEU8xmUAU1B2s1JkEyO+0g4n+UxtZ0qwJtp6jWlHmZNzocQO82SzODaytvzs3keeEiw/CYwr6D9Nov1SZ65FO39Z6PngQpXeZKufiy8iDKDRDckPp41pT+cHt+yFPHrA7BEw3wWJQwJOmPWB9WOSvZ4t62CTQDhCEDq++uWfohJmbigmNw8+em34K94e/TjOQd5a023I7bhQARAQAB", "emails": [ ], "subkeys": [ ], "can_sign": false, "can_encrypt_comms": true, "can_encrypt_storage": true, "can_certify": false, "created_at": "2017-09-06T11:54:43.000Z", "expires_at": null } ], "can_sign": true, "can_encrypt_comms": false, "can_encrypt_storage": false, "can_certify": true, "created_at": "2017-09-06T11:54:43.000Z", "expires_at": null }, { "id": 176869, "primary_key_id": null, "key_id": "AECE216D007B1CCC", "raw_key": null, "public_key": "xsFNBFkIzMIBEADUCYRw3yXiCkzxYXWKh1xsYTU04w77VKs7psquG+LYSjl5juuavJzHKniaMMTCyMWpvslmC2ke+udY6nCAcm7lW+vaNo2eABjC9GTPjeuYkV/RpJy9V8ituo0o4NXdD+ekQaTqgSdutRMoUF+60obD83QNJxz0vOrHatESZlcFjKYDo3MVbT+Cy/9lgf2Osc7gx825vvuN75IvsUVb1BXdm3D7SGW3jTy62KCJzvOXX33UdxKN/zehRFM0qk36Iwr8Dmp8HaAhNXJ3MgzzN20kdA6MFhW8MsZmYVJVih/svA9BL+4EDE5u4bxsC3dSDbJpksWi1OTebvdl0P8gIEirpLsbfftvu89m7sm3JIWW3jj69SQjbAScNOlSm1hSxWSV6m0pSLZhG1cxcXR9AtW9SMOkgDc2/9mwocYmvqLD7GBOK/iV4Q0SchnNZZEHxXjxoHIfmsTingYqdU0GjDdsJcPKsLa2Sw+0jBQ/IfbaUH8gbUtiCkukSqR6rUGwkER8k8Ncamn1i3TlVNd7T2qF4i/dmaoAbCw3TNp5Uvp5pHITydHi352B9ntfQ4QXK62FP3XgMV1txVxEXt5rDhj8u/H5t34UK2v4xhI6VtCQQ1ewoTDrvpRX5nvlSfbRWsO3zV8Dc9s+lBOpe+ZBBT50xO+NHlk5fOz/JNYS4H7muQARAQAB", "emails": [ { "email": "lauris@nix.lv", "verified": true } ], "subkeys": [ { "id": 176870, "primary_key_id": 176869, "key_id": "103A91F0FF9869DA", "raw_key": null, "public_key": "zsFNBFkIzMIBEACyZuaertUVhqEnM+J1IW3iplTNIk8oZ4W4p34a9EIkjPK4E5U4Fqy6qQJA0xfGQQJKdxL/NNLcZT//2KKKf7tynMLGHQQzmfqUEmNuXxhaqfl5xs6qoXhRntq/0zmAPLUQ17kYqSFeICaBRf9B/EK76qx+oWK/cXPkhASK3xhYx0YpxZHpiEu5RcsuKEbjU2hFNWP3hGqqSVG9WBIvF+Sr+qzyqTpBMjcB5uq2jnxuOjHae64LmjpcxsmyrRM7qfxOKHZwA2yDNuCqBVIwUpraINREUUmZcKGMgiRaWEzEZ5nQYqa8sVIzwu2Dfw6rmUGX+HO4/KQ7RYE8h/5ASCA9WcsaIjeYhCLIENKyQ3mn3irsL/tA82/Ns5mJQmQkTu1QM0njAPcb2iMlCoTme6+GvUGji6pnxUDi/UTqqLGfmitq1kV11nfZoE3ETs5Ae5yv9Drw3Ag5LjqVIUKGo5f0ewSSk/UWG8MDdiN5RcZQDQHT+Prfe0iQm0+cieLc3X6HMQv2ygCIT8MCD0YSljftUjnal8gdGkGMMvYWmldkVgCAJwSfyb1mVjCG4EWJ8wNq3I+lVxX8dJ4iqlBJy07ZUT97T5RFMekWNkVW25iSvtugTXLwKAnEVBIdk2+GhyRL+FweKcgBxGHCzs3DY1UnQ07xO2GGjqJdPgQeIuYhEwARAQAB", "emails": [ ], "subkeys": [ ], "can_sign": false, "can_encrypt_comms": true, "can_encrypt_storage": true, "can_certify": false, "created_at": "2017-05-02T19:33:15.000Z", "expires_at": null } ], "can_sign": true, "can_encrypt_comms": false, "can_encrypt_storage": false, "can_certify": true, "created_at": "2017-05-02T19:33:15.000Z", "expires_at": null }, { "id": 389730, "primary_key_id": null, "key_id": "DFDE60A0093EB926", "raw_key": "-----BEGIN PGP PUBLIC KEY BLOCK-----\r\n\r\nmQINBFs/sX8BEADFRdCf86KpGFpH65AijPqy368VLL4tmCBSiQBDzOGMSPxfZhVG\r\nkWKVMV1a0yGGxr6gugO3lnsuhvVTgjeVisVd/O29zzwtF/XCECkZ7qNqcrbqzwJG\r\nl6jcNTq0jkKd3gvPljAm5QJhx5zhSM6oVtvwjVW+sGQ9M0Wg5rd8YaeoO0Nu/ScQ\r\nNjVgP07WikwgUEDtSnAbBn1WfYXEnC799n0jWAwxg1VrNJjiBqjfYIoQJzUl1wZG\r\na8CaZCAg9QOuAiYFKj+rvzffJzl46uk1QLH2xD+5LKsH2HJ/7NJaGVYP8Kk9g8Ed\r\nD34ClLkI2WmsTMeQJ9AWu0dHjgyKh8J1P5L7CUqCnCmtocUm3TI8Fn9SZ8o+f9SU\r\neASt7EGXRsxj4rR6Pp5akKBssnXSM0OzKbZ5jWhjtm3ow8Zfu9O2aFDs9R7Mn6Ec\r\nfKCTozfHtweQhl/qrkxgOHuns6ncEfoucPq0mbE58EsCf4v8GhKns7/oGWnIKlt8\r\nTGroiej/Xev8JEdvXyxYhx7yPmwk5ivUIC/3bMK+oESlvZCamRhg4H+A0mWrqkPD\r\neqBiuK7PvuGWY1+cZ1uL2wV81ymOfmjNq87GHvOfT4QhY9AIOl2B5iNkPutnzGGK\r\ndXoAhX8sCvkSKt9La5xR5GDbAiZaz0fznyz0osn+v6l7J44pKRvce+7XmwARAQAB\r\ntClMYXVyaXMgQnVrxaFpcy1IYWJlcmtvcm5zIDxsYXVyaXNAbml4Lmx2PokCTgQT\r\nAQoAOBYhBNj5Zy13wLtgoCTCPt/eYKAJPrkmBQJbP7F/AhsDBQsJCAcDBRUKCQgL\r\nBRYCAwEAAh4BAheAAAoJEN/eYKAJPrkmVY0P/RE4jPWzj1UE2jklLfqdwSPCBNgk\r\nG4C7MrmZqrDvhrGOHFmTnP6FH0++vnTCXILg8n8t1+5ZfDpf2qNTSuEZUyTFpOD6\r\nNzI4rjY2+fm5u1QYg+I/5S4y1YBnEk1AEhWpwPu0u3LnQD2GmL1S29MW8z+nJ8Wk\r\n44koM8hD3HhFZHdOV+7PxjsXj+kgn0uzaBegMV/VGRlUubf9QI6oXLY9qggBfovk\r\nzXDEPYyEDbonwLGe3AV/Tj8Esb/w5VZNQQmwh02NXi1QcnlssJGlx2i83Rt63UKN\r\nDQ4qB97KxfZUCmWoqIrHq6bJBQzVasW7kOnBxcQmFfCyfJM4QiewGkPMJt3+2xLy\r\nVBHjYK+PjllRrF0eaESkIOKiIZ6l49flau8pBPUIqKvF0I9TLPGsaDC0j71sX2M3\r\n7GBZeScUhlplvrUgox8airfvhu+J/EWSEPcMQ05rTUcIit4EI+2x3AlAQOg4gmXs\r\n8XHtL8eb/zVS2Ygv8EU5ijCxdnAKkFP/tUgn7LOE6KiAvXkD697sj9VhWpkn96RT\r\nmPSSYPQGvPGoA9GhBayBwpH27HU1OsDXGuAxtaYYVmihQ9fJW6decbI3gv53pHNM\r\nEt2nHJdQfiixWKb6kwv8DDhxWz+l2FxWJwnu8J1sTYV1lCLGsKrEpoDbqUuLDvcw\r\nC68OlO+YiQtt/Zo/uQINBFs/sX8BEADCJ7F16Nqlku7KEwpA0Hhvyd3PZBn0NrkT\r\nthTWkFfvW7Cpl5eDXGQU2HvfphPI2QUgr2EU6QwHrSeFgox14wMp1Js8X+Zts7V1\r\nnGZGjcHOEstrdeltNfAsPwPs4QWzoe9vC2aVMUNnnXQcAaew7ZDzmwP8Nvx0wcK9\r\n7hMZ/TUr7/WxA1ZN0Nx8npMQjr+LIZgi8Im8xEVihAX/0VdLXRW/nqXeNmye0ZT/\r\n8sQYYzFlyNB2/6ruWAdaRG+aDq3GWdw0LxH0mnZ4AF13su4vdWXBDASXCwwe8m0R\r\ndogdWp9zPEmH35TuVUI2O5pg/XJHDCId/KIno74RUjqTDGbrCiYrAUrmxwSRsTup\r\nl+kIMLRxXJ6/iCm5ejY9NyefmqSdgUjy9nxBFry1s+CMIh77bb0oHsJBXriT48ey\r\n4J3KqnShV6k1YeXqO1InoxPHN5JKLmvyPuXU91daADEI0h2v8HMIxgVAeMtmw0HW\r\nvEqeCxlJZFaKjC+vOZDhrBk6B5Sru7y0HxzSwzCm5YGIQf1ITuCOMwKLlnJEebAL\r\nutHB7wQ+VanXWaWh3GLRnc1zRga/6hjuEum8eI9ul3+UxRof2wxFyzk1ZILZiR54\r\n6+LdRVDL4HW+L3+eSRoH08YvSfQaX53M0KHnBgblxZTaNomdGmhPubfwWjiudN7Q\r\n080GumkkcwARAQABiQI2BBgBCgAgFiEE2PlnLXfAu2CgJMI+395goAk+uSYFAls/\r\nsX8CGwwACgkQ395goAk+uSbR+Q/8C301DLy2uzCdwhSxQ6BijnKplwCx81iwPMGn\r\n0pYHHu9WT2zfeRzSCTL916ghvEYUuPwqGPC4puPj8ChVHpJ7o/axDl6xK9MgzKtg\r\nlSr+3Az4eS6HLrpub7GlsL4bRu7pr17whFUnIpKzOSwA3nDDu3AuCibTb0rhlcFf\r\nqDixE98oIJDbN4AkketAl2uWkQVb0nwRTIqeA44NCjDj2/btVE/hAKm++Sj9Lky6\r\nqGM8ilblGIR8gAYbf5AffJ3muAK1Ex/zQY4dBjB247EPSl7dL9r3Y0Uh+SxWgZV5\r\nRkXhZlO8U+SxCN2oOiEDpC2rpxAkEJVxD1OH8Vm20hkBjbVaSdPK6z6NJPqV3iZn\r\n5p2+umm6+OBDDr49VkdkbK3jS+tq2VCnehrOcR8S6kqnzdZIB5JNTlW3j5PKRJjA\r\n9g8TvFr/7zv++atLxq0o+XynXj2IeeqOOrrWt3l9myFBhi7QF2/Z0GwwZutZNWgk\r\nrNCHtcM20nGaJh7LK5Dmk84XW0pXQHqNRhsz9tcLdx97wsj56ffIxuJyFYwxvCEp\r\nfK1GH47G79a+rADm0b4jmNCwcl6JPW18lp8SKGjSXkr44YxKo4JgJTYzAD4dlIe1\r\nXCc73exgkYyQ/d2s9R4jcn9gpd+wvTJGkO21x1ACYS/GX+bcLBCMGxSHwU7Xkg26\r\nIeEXflu5Ag0EWz+3AAEQALcHqoeqxe8uLktgcWjQxHsvOaxFt2nfBjPRIIoM5pn/\r\nO1enEQNhTU5BlwnkTdt+KY+vZItrXFdGOekMg6zJzeQrfkCxebRiEcDslvRUBeS0\r\nfFDCbnKnycM2EgGn8zSyIa6aCBJ0cxbwl7cDgucl0+68td8zhNmCuaeVVaRK07Qa\r\nQs3s4EgiMYMRtfmQU2Q1VW9kb1rcF2H6dRtzHmhlKlkJllRUxYVMs93qFF+EP409\r\nWgg7gua8NEkhvNkd2Ps6a4Cn+SirXuqYAbGT5LyWlN+DtFVo4U2sDVfUT3F++vAE\r\nzHo3HbRtF7GmbMermgodJDfUm7F1BDnbBfGoPlWHKwWtdJgv9ApTJi7H92EyfUTJ\r\n7QkmxKtCNNX+gVAhT0g/rkN/BaAqBChtyjQdp4R0OytELZRrLUj5srhHOpyR1ljG\r\nfU81Un3wGqhjo8jfC6/ZIj0eeaiJPkza6XTX0nO3RciHKTtABVSwfF+2WXZy0iky\r\nPbbe1NVzBLn6RBNyZ/rpYxaDWnuXnv1ngwRFqsl81JYTztYug3GjIDOfLaTG9DcQ\r\nyWpdxogkivlQK4FHTToIoWRvjRDZZfsDd8N+iDQ+K9C8CNffm8X46m78idO1OyZt\r\nt9TWtGrnjpSQql97rLcKUbBqiiS2w3QZMmdCT2/g7rtTUvNUMTYuhFsk7Ntk+OS9\r\nABEBAAGJBHIEGAEKACYWIQTY+Wctd8C7YKAkwj7f3mCgCT65JgUCWz+3AAIbAgUJ\r\nAeEzgAJACRDf3mCgCT65JsF0IAQZAQoAHRYhBB5Hg0u1qPH3nMXqW2mL2ZGxSeqV\r\nBQJbP7cAAAoJEGmL2ZGxSeqVdPwP/25MY9rBbN6hUvVbTktmaVmLxnP1I3LEsAUP\r\nLnHNGCT9rB/OiQRK6lZ+9rEEHoCjvaNKwOe079KbE0EroSn1uamvO1R+4RFdZZ3g\r\n8994GaI6PgKHUIsiUuPTQyT3bQMhlPsPsjGLkkM37JslYMT3QefJVC7hudbXRBuT\r\nmLbV4oICLY/GVKQDv3jjqQ3uTtcEC1hOoFgVBz7R/mZKMdqTYrIts9HVqOp/n1UL\r\ndB6YXYE0xklT0bfE6RHtcqffbB+oShQmgjUngW9CZRm2+yOh+fWzbTOynHrCj2c6\r\nxSOHCRigdkjItO4LenWJtvThW8p25P2w6TAQJFzk1G/pzJDrdrDk+QbEa325dXdg\r\nx8gCbzB1COXgZkIKgDUIi3SwMBZfwY+Nc9E3oWuPTqcj/YboD3UMLiERz4pXSIC9\r\nT40O22hr5EEPfiphL0221OZ3GOOYBf5CflpWQwMtXEFRzkQov8Uy6P/D0L8yFCK5\r\nDn20g88z8GFugN+Cy2F+CJ1Gs3GUh/foRUMpvIc58ZVLSeFJs6F+iCYtql9iqulV\r\nWYXYahcFBK2Fm++M2tnV8BOxJaLUrsv0mfw8Xd3NJcbDexDJnZWZysJfFPhbxsrV\r\nnWaYev84oIbvogZ/fYGWMR7ZMA7KZXnGFSUngEEelm10V1vDBBSA+WlarQcMNEGD\r\nOFT5CjKHFGkQALvYNSswR76zX9SVkYcnYQJwSce5M9Le5UnDnJqozlofaxwVTfME\r\n8MjZsRVjuW2MVIGTsmfBd+HK+0gmcwBWurvNcB6yLCqXDNV3qAREykdwKNGqY9hF\r\nsjSg+TXCyQkvT5PZKsX2NLeBWSfG0j0Lek0HrhRZbXjrwo6BZU69gmoornQIQxjt\r\ndyzn8sGG5EQq+myHZ2lpQcLqsZd7EwvDbCURrY3Xdpw/LT4fMtGgl+IR2yvPkBLV\r\neiVxIj3PyDZhluqkFFqV4oZ0WsujTzwTrBX8+TqeS3GSVwaZicziUgha8zIsDWLq\r\noGHDAdMICaeGri1I/AHOhBxDQNQMgkQ+YB+PArBQCwbWQw769hmYaSSNGX8iqSVz\r\n9vHDhsqJZuFc94iJ8xwIHgTVOr8PaAfryzlrGQ6y4BZDLqH3OemcTwUMWsoqDhir\r\nV7Z/LnByLAtLURqNhVeY63RmAj8lba5+BUXeY5yWKx4t60C7+P5M1rjMC2ebkaQT\r\nb/N971BZrJlqvNmBEZTVjwDnx4BbCkdKDUsxsJvcrDe7WyguVkkNvNChEqcKdilj\r\nEpFnkFSUrOpEKoNxb7xlJivFanT46paxebfRSMKljG/H2a2KI4bw8TZJY/kOZNWf\r\nVa8v1ZDytzI+w+6D0U4j62Cj5KuUjQ6RiJj9WagMhr/jC/2dffz03ysA\r\n=UqMk\r\n-----END PGP PUBLIC KEY BLOCK-----", "public_key": "xsFNBFs/sX8BEADFRdCf86KpGFpH65AijPqy368VLL4tmCBSiQBDzOGMSPxfZhVGkWKVMV1a0yGGxr6gugO3lnsuhvVTgjeVisVd/O29zzwtF/XCECkZ7qNqcrbqzwJGl6jcNTq0jkKd3gvPljAm5QJhx5zhSM6oVtvwjVW+sGQ9M0Wg5rd8YaeoO0Nu/ScQNjVgP07WikwgUEDtSnAbBn1WfYXEnC799n0jWAwxg1VrNJjiBqjfYIoQJzUl1wZGa8CaZCAg9QOuAiYFKj+rvzffJzl46uk1QLH2xD+5LKsH2HJ/7NJaGVYP8Kk9g8EdD34ClLkI2WmsTMeQJ9AWu0dHjgyKh8J1P5L7CUqCnCmtocUm3TI8Fn9SZ8o+f9SUeASt7EGXRsxj4rR6Pp5akKBssnXSM0OzKbZ5jWhjtm3ow8Zfu9O2aFDs9R7Mn6EcfKCTozfHtweQhl/qrkxgOHuns6ncEfoucPq0mbE58EsCf4v8GhKns7/oGWnIKlt8TGroiej/Xev8JEdvXyxYhx7yPmwk5ivUIC/3bMK+oESlvZCamRhg4H+A0mWrqkPDeqBiuK7PvuGWY1+cZ1uL2wV81ymOfmjNq87GHvOfT4QhY9AIOl2B5iNkPutnzGGKdXoAhX8sCvkSKt9La5xR5GDbAiZaz0fznyz0osn+v6l7J44pKRvce+7XmwARAQAB", "emails": [ { "email": "lauris@nix.lv", "verified": true } ], "subkeys": [ { "id": 389731, "primary_key_id": 389730, "key_id": "ECF9122A9ECF3A2F", "raw_key": null, "public_key": "zsFNBFs/sX8BEADCJ7F16Nqlku7KEwpA0Hhvyd3PZBn0NrkTthTWkFfvW7Cpl5eDXGQU2HvfphPI2QUgr2EU6QwHrSeFgox14wMp1Js8X+Zts7V1nGZGjcHOEstrdeltNfAsPwPs4QWzoe9vC2aVMUNnnXQcAaew7ZDzmwP8Nvx0wcK97hMZ/TUr7/WxA1ZN0Nx8npMQjr+LIZgi8Im8xEVihAX/0VdLXRW/nqXeNmye0ZT/8sQYYzFlyNB2/6ruWAdaRG+aDq3GWdw0LxH0mnZ4AF13su4vdWXBDASXCwwe8m0RdogdWp9zPEmH35TuVUI2O5pg/XJHDCId/KIno74RUjqTDGbrCiYrAUrmxwSRsTupl+kIMLRxXJ6/iCm5ejY9NyefmqSdgUjy9nxBFry1s+CMIh77bb0oHsJBXriT48ey4J3KqnShV6k1YeXqO1InoxPHN5JKLmvyPuXU91daADEI0h2v8HMIxgVAeMtmw0HWvEqeCxlJZFaKjC+vOZDhrBk6B5Sru7y0HxzSwzCm5YGIQf1ITuCOMwKLlnJEebALutHB7wQ+VanXWaWh3GLRnc1zRga/6hjuEum8eI9ul3+UxRof2wxFyzk1ZILZiR546+LdRVDL4HW+L3+eSRoH08YvSfQaX53M0KHnBgblxZTaNomdGmhPubfwWjiudN7Q080GumkkcwARAQAB", "emails": [ ], "subkeys": [ ], "can_sign": false, "can_encrypt_comms": true, "can_encrypt_storage": true, "can_certify": false, "created_at": "2018-07-06T20:34:39.000Z", "expires_at": null }, { "id": 389732, "primary_key_id": 389730, "key_id": "698BD991B149EA95", "raw_key": null, "public_key": "zsFNBFs/twABEAC3B6qHqsXvLi5LYHFo0MR7LzmsRbdp3wYz0SCKDOaZ/ztXpxEDYU1OQZcJ5E3bfimPr2SLa1xXRjnpDIOsyc3kK35AsXm0YhHA7Jb0VAXktHxQwm5yp8nDNhIBp/M0siGumggSdHMW8Je3A4LnJdPuvLXfM4TZgrmnlVWkStO0GkLN7OBIIjGDEbX5kFNkNVVvZG9a3Bdh+nUbcx5oZSpZCZZUVMWFTLPd6hRfhD+NPVoIO4LmvDRJIbzZHdj7OmuAp/koq17qmAGxk+S8lpTfg7RVaOFNrA1X1E9xfvrwBMx6Nx20bRexpmzHq5oKHSQ31JuxdQQ52wXxqD5VhysFrXSYL/QKUyYux/dhMn1Eye0JJsSrQjTV/oFQIU9IP65DfwWgKgQobco0HaeEdDsrRC2Uay1I+bK4RzqckdZYxn1PNVJ98BqoY6PI3wuv2SI9HnmoiT5M2ul019Jzt0XIhyk7QAVUsHxftll2ctIpMj223tTVcwS5+kQTcmf66WMWg1p7l579Z4MERarJfNSWE87WLoNxoyAzny2kxvQ3EMlqXcaIJIr5UCuBR006CKFkb40Q2WX7A3fDfog0PivQvAjX35vF+Opu/InTtTsmbbfU1rRq546UkKpfe6y3ClGwaooktsN0GTJnQk9v4O67U1LzVDE2LoRbJOzbZPjkvQARAQAB", "emails": [ ], "subkeys": [ ], "can_sign": true, "can_encrypt_comms": false, "can_encrypt_storage": false, "can_certify": false, "created_at": "2018-07-06T20:34:39.000Z", "expires_at": null } ], "can_sign": true, "can_encrypt_comms": false, "can_encrypt_storage": false, "can_certify": true, "created_at": "2018-07-06T20:34:39.000Z", "expires_at": null } ] ``` I'm curious how the raw key format differs from the public key blob (perhaps the binary key, base64 encoded?). Does anyone know how you can take that blob and turn it into a valid GPG key? If so, we could use that to verify commits for each maintainer. I'm probably overthinking it but thought verification would be simpler to do :smiley_cat: Cheers **EDIT:** OK, that's definitely a base64-encoded version of the signing key. When I decode that to binary, I can import that into GPG but can't seem to do anything with it (nor with `git verify-tag`) The fingerprint does match though. ```sh $ base64 -d pubkey.asc > binary.gpg $ gpg --list-packets binary.gpg # off=0 ctb=c6 tag=6 hlen=3 plen=525 new-ctb :public key packet: version 4, algo 1, created 1493748930, expires 0 pkey[0]: [4096 bits] pkey[1]: [17 bits] keyid: AECE216D007B1CCC $ gpg --import binary.gpg gpg: key 007B1CCC: no user ID gpg: Total number processed: 1 $ gpg --edit-key 007B1CCC gpg: key "007B1CCC" not found: No public key $ cd ~/gitea $ git verify-tag v1.5.0-rc1 gpg: Signature made Tue 03 Jul 2018 03:47:43 PM CDT using RSA key ID 007B1CCC gpg: Can't check signature: No public key ```

GiteaMirror commented 2025-11-02 04:21:08 -06:00

Author

Owner

Copy Link

@techknowlogick commented on GitHub (Jul 9, 2018):

@4oo4 you can also check out the URL from github here: https://github.com/lafriks.gpg that has an armored file of all lafriks public keys.

@techknowlogick commented on GitHub (Jul 9, 2018): @4oo4 you can also check out the URL from github here: https://github.com/lafriks.gpg that has an armored file of all lafriks public keys.

GiteaMirror commented 2025-11-02 04:21:09 -06:00

Author

Owner

Copy Link

@4oo4 commented on GitHub (Jul 9, 2018):

@techknowlogick Ahh, that is so much easier, I wish Github had that better documented. Thanks!

So the reason it's not working for me I'm guessing is from the Github comment on that key:
The keys with the following IDs couldn't be exported and need to be reuploaded AECE216D007B1CCC, 002E9FFD10C56403

@4oo4 commented on GitHub (Jul 9, 2018): @techknowlogick Ahh, that is so much easier, I wish Github had that better documented. Thanks! So the reason it's not working for me I'm guessing is from the Github comment on that key: `The keys with the following IDs couldn't be exported and need to be reuploaded AECE216D007B1CCC, 002E9FFD10C56403`

GiteaMirror commented 2025-11-02 04:21:09 -06:00

Author

Owner

Copy Link

@Mikaela commented on GitHub (Nov 15, 2019):

Request for reopening. I am unable to find the public key linked from https://docs.gitea.io/en-us/install-from-binary/ and SKS keyservers cannot be trusted anymore.

• https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f

I think the best would be to have the public key somewhere in the repository itself or documentation.

@Mikaela commented on GitHub (Nov 15, 2019): Request for reopening. I am unable to find the public key linked from https://docs.gitea.io/en-us/install-from-binary/ and SKS keyservers cannot be trusted anymore. * https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f I think the best would be to have the public key somewhere in the repository itself or documentation.

GiteaMirror commented 2025-11-02 04:21:09 -06:00

Author

Owner

Copy Link

@Mikaela commented on GitHub (Nov 15, 2019):

I was able to find this:

pub   rsa4096/0x2D9AE806EC1592E2 2018-06-24 [SC] [expires: 2020-06-23]
      Key fingerprint = 7C9E 6815 2594 6888 62D6  2AF6 2D9A E806 EC15 92E2
uid                   [ unknown] Teabot <teabot@gitea.io>
sub   rsa4096/0x5FC346329753F4B0 2018-06-24 [S] [expires: 2020-06-26]
sub   rsa4096/0x1FBE01D7CBADB9A0 2018-06-24 [E] [expires: 2020-06-23]

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBFsvDSkBEADtyFKGhQ/sh9KmVAzivJfMGbasytWkZNdIrwCoxSTEijl2QLyi
E8b5xEOK2+9b3OXF+Nbm+tdfVCaKfoDhXdglxvENSdXA0mKxt4RhKxXAkWHrLfeA
A4RbUj0ndfpJWpoRoEPZTP2a8UXOctUVQP+JzC+D028nawzpSVrXN7UYkszJ5j06
oR6+ZMjpEMbPRnOWRuaJONPvBuTHGDSsD3UPJlWyeUv7+GmcVJzjc8uq1HeX/5Ap
NTrESldIDPgcxfTWhscj1+s8gvW5SqcNQnWSIUtI+Bi2sW9ibj9XlkFJMU7QFV+S
1uF9D8lynZCSDIjnsqSuX3TMgr2CPk7+0eLNFAVrrTUbGwcoyge3d8osJD5PS3z6
COwDlzAXRJECScRo1ynxCxJTLVf6JoGQEFzVc5HSlM8Lx1zm/Al+AYdhdToCQNDF
vLLuHkMqh3OLG3yxS142BUHDrd0KaiY+sxoUQjVjo7PHpLZRJKGZCxSS6vPr9I+o
OTDO2h7rWdTtodmkSz9+NnUD1cGYWwL8j4Cpi4yozg+8Gbtywnm/q0TPMYhyiBbn
hU+sowfmo1RPn2aQnxSS55L7cMTNzP95cU4FQDNzYhget9X5UJJPWdSRcknykMcQ
oAo0IfswMDC7LWf8uObZo/0DQeGBVBx2y/+Ir9dt5MhcrmO/U+fCF+O2xwARAQAB
tBhUZWFib3QgPHRlYWJvdEBnaXRlYS5pbz6JAlQEEwEIAD4WIQR8nmgVJZRoiGLW
KvYtmugG7BWS4gUCWy8NKQIbAwUJA8JnAAULCQgHAgYVCgkICwIEFgIDAQIeAQIX
gAAKCRAtmugG7BWS4sOOD/9DKZIjnJJQ5k98hiT81aLWpy6c88MS0RQAgZXnDaOU
X2ZcJ+JZ1buGQH3Ch3QoEALR7TKhI8+VHujy7gwnSMUlZStVrHoAik/485d+k08N
N+Z5aNWoYK6lcd11OFi6uPy8DgEn2WUHFfQUesB/FhOnG8W7DQz4HiMoMFMAKEEe
eA9O2bcLW7ukF1OUVwYBoWQGqdEufW7hiE7WOAeoYYzEJHAZGnxQ3bJK4GYx/Rha
r0tanIYFhX58StENWU9alw4ECUdmQC3+F+bu81kjnD0TDQP9qwPjodo8jZ5MQJDK
cAOjk4smgNMaN5bqbNb8fwmBgkLqwaQB7SiE1WlceTxqB6STdUBASaxXXAvMYlXd
ualGDEm4wFUVyPRBUj8uSWQZbGHhZ0NEMFpyEAkQEHtAyPaGZJOwQLqbQnTEV6Ph
jvOXOsOpzG7ijompBOnY8l7LelZXtKQjk/NRfBvgxfHKw5d1ShOiD5quTdF19JUW
Ay+15DVGqjtIhAP4LX1gGLUlFoh8HJ81uQunxzEWvLBtEdQpbjzmm4QLNqUJ2hQM
Bg0chUWHH5iq6PduuyPHosnatc/MvLZdwVz2FrL2YGbixeWoYDY2AfV0UGVjF1W6
K2oosELAh3jMxv9lGrP4nT0HwNU1NAgx5/fy5LXJ0nDewR0BIuZZMZmnS385/Ljb
ZrkCDQRbLw2xARAA2jnRSZFdkcAwygf8BoyG9HurVqFb0t5SRZHEjFIl6wmdvlk1
3KszvyzRJ+8IEL3QQtdwTKZAMYT9HamclvwiiF92/12HwsTK1Ijn/ayAsWmHFhXv
qlEaKtm/39Mj6M4b6wPkl5vy/TYoxj3CDGl8gWQHo/RmYOcDl61Twswt4uonUm4f
O9V8x19mhxbap6CDsh6Eh64SxXRkyXaY1UPrd4V/TslyBsLz5L5sgIVVTvnNitSA
nGhy77CwUiv3DkvoK6lc7/JvH1zf50/v3uequhTABeMuhdD5Vz7Zq6GYOSkDh/gP
CfgBeL0W/vpWSVLyQC0dkC94yxN9R5SHKcae++IFFhSa3CNPiBLhZ/6dl3K1MV4r
J0CY++RbYNHdrmQFA95HpiSfqcOGBZU5YfV+ErlsVqZFqBMP7edZtgT9kKW8NPQd
Ldm4aClzBATnkI0wgAozq2FBacFosuNEUVCWap6vaJ1L0cJeIC7kzOmp3T/W/klE
CfxHenEIoH5XlsIugHMAtdnWzAZv8LnLfCo7FsuUZXD7PhNvavNJUdQ2EaKC/DSy
0++6Il1wKvt26RPaMM0JtEdCO3AMoXVtfqLp0Er4FBUpHV6OtaVhlnqOhHh6O/Al
mX8z90Okc/u+UBtwhgcXFyM3oA9JKEAIthFBi9871frBAbXS8Z9YJESLpQ0AEQEA
AYkEcgQYAQgAJgIbAhYhBHyeaBUllGiIYtYq9i2a6AbsFZLiBQJdFHlbBQkDxp8q
AkDBdCAEGQEIAB0WIQTMZLHbZ6u+7KsktkVfw0Yyl1P0sAUCWy8NsQAKCRBfw0Yy
l1P0sMVTD/9tr7HkTQie+SPOrL/6BJr1/cAhU5Xv58IkMsuBmPO6uqmMar5gvvbe
baafprB7MjK3b2pwTeaHvnSkeRDqMzpEWiy3sBN1S1wedXnEOmGYB8CTyDzgV3Dm
GHbnvCmQv9agtiEgaGqR1xaZCkUQmjhTIVnpATyx14kZgxcLYhKYybI1w7YrZPJc
GEt/ENUZQRNKac2/tu/GqiNnZ0ppCc0l7N9ZOoboqgzBXKGDbYJ97WO8XnGqrHK0
CDUVao2ji+xd6bi9aLXb0sNeRGeOKVqaHYg2NA/KdnPTQj8JnmSaZmpvFJJiLXiB
/zjNWouYPNNRQidGhjHYlHgNz/mCkRBHhOhiPwz2ui15GSl8dUecNMkJaon+9NAm
A2L7N0J5PA1ZB4ywrgc1ZSjxdRxTGGVrM0H+2R4ILA/gEYWRPLwEpOekX4Vlc2ME
ajSA+eGlBVF/Qb5B8+u4Aegwsz1Iy+yYxJ/qxSS2xwDVvI1utifUfF/AXgM5FvW1
+3KmpaMTpr/+KHtUIdkM/DT62J9j+aCTcyXwAFlli2FsbvZBHEoir/EqJdFjxhXX
nZmb85w2/eJTapQQ5lxAzeurRrhurl+Ai+cNSpJC++jAusIJ86mA7iZPyEic2G93
ivcyolhGJnkeUBlTJui6Spk48NcHlNl+H3kwNST+DIIlHK5RxG7n3AkQLZroBuwV
kuKpzRAAk2xrnJQpvCu6ReduXRVX1V27f8/CaaKVll9zYu0ZQry/tmBc6403z6DZ
8UtnzdKBsbmEqa8R/51Hf0P0jQH6Y5QoRg2KTuh6uGbI7aqsnbJU3EY3xLrpv2VM
OLgFkc3VvvpO302pt5sK+h2W74dvnY89pew8uKxYdoWulyl9/pF+dkJQoN94P+7K
u1Xrw+p00V2JfFWP0D3qR7Lch6wIPfEvl5cfKXznluH/XsbKEjOk9C85RUHAWVrR
mbd+I1HFgXL2EBPNsbB3eK0wTIsNBqaNPTwv3GpBiCl0Fbax4wUc6+K8uVp63d3F
j2DlZSPrYJOk5vGrhv+7yZeMTbDH7VBPHRkdoWO/cWQYZlRAULzJLVLq0aN2x0Fb
W/5gDJCEdHxIn93tSV5zN9twvfOtZA8yaGaVC6nP4tweEWk9I4kN6eP6cH573Mj5
3u/cvw19eEZeoHLU+6KsrwW7HTem3uhijnDtPQ/boQNHrDu6TbRGvlvunoEa4+jx
NDg5N020EBdqWFdzoLZxQi4kwrbcavxTP4zKaIjMX4hkgs9Aiwea/AfhBtQHuKAF
O2rYd8ULuSvrP5FAGB/Hjj1NulbVFKNDmRTFIg7iyuQUhod8j1y1wzhYiEraXyVP
T8fUZnXiCxLMyUjJC7+hDOTD3t9mtKBXa8fbJ6Ji55VMcUi1+Z65Ag0EWy8NKQEQ
ANgvR4yfdll+TkRX5lvgWYFnDj7/eeEwidfo8zO7/dbFzNw5FC2DM3T9VDX04eGy
/wjb0+v5I85oObQBJ0yDM1ir/+p0piBCyMBoYfMZyCiYZipX0GLHQykrnK6j4goP
qrlxAB6oUP+Hzb5MKJbsb7LYfGB670wC+9OnylTimTVZs2uBNm+E7HButG/YAbPG
xTGCrKPmjHfR28ijyflayhemXQ46WktGD1Tu4E0yZS7XZM6UQTgcU7nGNE7kTB8p
YAc/oRQaTQktN8AxD8AxlrlZ5ap5bNX8+eLr9Gm4CZjZIS7/6CujVerK2R5AJXzv
tZwLRVP8LVCKG680bLei+/uPhCuiHYvo2B4DLKbTU6ojltXj4Qn7pwhsLiiFAB+P
qeFj8T/puRibOzW7Ay9JQtWMUC1EPybeXKnLTEdNfrg3nIgKLrlZVO4VSoNCIV+M
/1KLYFLTyYEzmUI4L8XC2QAwLQhF81Jg10COjQEOHn1hqdrm99bVU00IcPtkbTxw
4FoeGD6qJkry3bxRfquTEPGCGTYcTDezEoRbukmgdzk6KW0vn/g6rYBUL9KbrdV5
4OV9W7yqPjEyKTKNUbRzzpc6mgIPGXOYpsblhiJQYRHVYJMH264nd7oA77fAAnyn
azw0Hp/e9Z57LNmG2ybjUCaB7+xmCBJAarK2M/J1PEbFABEBAAGJAjwEGAEIACYW
IQR8nmgVJZRoiGLWKvYtmugG7BWS4gUCWy8NKQIbDAUJA8JnAAAKCRAtmugG7BWS
4sKID/9CF5QnNyKsfJoB+CuNNW1GN8JRcd9z9fmwrCtZr0STuP3tgJY96euM4xvU
qbfuI+nLw0fa8yXOEOrrjMGyqzzMyaFiyFyXLEISQN+HMDMbsJHmvfeC0RUERtfA
lVwrjebjDQetHTqJjSf///ZXJ6yfdO1Boz0Jik4U198GK8mVBVJrFtM28KRyiPpq
oZEvCGEx3Gylk18yOtJntOR9H/u0xV34X7mXcrPbaf3D+uYgUPeHcWlI0H7mjl60
RdImesFXGSL40B0MG6vxXRHiH+j+32dvovNQPKPPOcJGxyep2AvQQDsY262FM9JU
IX0Kx2WMsSAAveJ8549ffIRfyLegO3XGv107jCAjdD7KW8LLaKJsBcy9AtdWrjDu
StmJo2yIWoUlg2Vd59//qu0pEUJLm5lZEVXa/bLspPIxedLstlwrasapczMOktb5
d/igt9OIUFUaEjaQUGKpyhHBm9zJD06cJs9MfvqEubuJzSsxkrOK2senPYw/RotV
0zfrtxefv6SKYmSDOy6xY0W2Gtrn3PhOkIdnT4L58e+5mQc1cWqbbbTnVpEc31HX
22kSzqWtWxbTcE3Y4SMOD9LvC7jhn6fNN9VBmSsFO5Mn70o4tqQrAueSJptVAvMw
se4OaBNJn9XzeIwxbLoovDuICSramSXhNM6enfBeDy66tnLnFg==
=haV9
-----END PGP PUBLIC KEY BLOCK-----

@Mikaela commented on GitHub (Nov 15, 2019): I was able to find this: ``` pub rsa4096/0x2D9AE806EC1592E2 2018-06-24 [SC] [expires: 2020-06-23] Key fingerprint = 7C9E 6815 2594 6888 62D6 2AF6 2D9A E806 EC15 92E2 uid [ unknown] Teabot <teabot@gitea.io> sub rsa4096/0x5FC346329753F4B0 2018-06-24 [S] [expires: 2020-06-26] sub rsa4096/0x1FBE01D7CBADB9A0 2018-06-24 [E] [expires: 2020-06-23] ``` ``` -----BEGIN PGP PUBLIC KEY BLOCK----- mQINBFsvDSkBEADtyFKGhQ/sh9KmVAzivJfMGbasytWkZNdIrwCoxSTEijl2QLyi E8b5xEOK2+9b3OXF+Nbm+tdfVCaKfoDhXdglxvENSdXA0mKxt4RhKxXAkWHrLfeA A4RbUj0ndfpJWpoRoEPZTP2a8UXOctUVQP+JzC+D028nawzpSVrXN7UYkszJ5j06 oR6+ZMjpEMbPRnOWRuaJONPvBuTHGDSsD3UPJlWyeUv7+GmcVJzjc8uq1HeX/5Ap NTrESldIDPgcxfTWhscj1+s8gvW5SqcNQnWSIUtI+Bi2sW9ibj9XlkFJMU7QFV+S 1uF9D8lynZCSDIjnsqSuX3TMgr2CPk7+0eLNFAVrrTUbGwcoyge3d8osJD5PS3z6 COwDlzAXRJECScRo1ynxCxJTLVf6JoGQEFzVc5HSlM8Lx1zm/Al+AYdhdToCQNDF vLLuHkMqh3OLG3yxS142BUHDrd0KaiY+sxoUQjVjo7PHpLZRJKGZCxSS6vPr9I+o OTDO2h7rWdTtodmkSz9+NnUD1cGYWwL8j4Cpi4yozg+8Gbtywnm/q0TPMYhyiBbn hU+sowfmo1RPn2aQnxSS55L7cMTNzP95cU4FQDNzYhget9X5UJJPWdSRcknykMcQ oAo0IfswMDC7LWf8uObZo/0DQeGBVBx2y/+Ir9dt5MhcrmO/U+fCF+O2xwARAQAB tBhUZWFib3QgPHRlYWJvdEBnaXRlYS5pbz6JAlQEEwEIAD4WIQR8nmgVJZRoiGLW KvYtmugG7BWS4gUCWy8NKQIbAwUJA8JnAAULCQgHAgYVCgkICwIEFgIDAQIeAQIX gAAKCRAtmugG7BWS4sOOD/9DKZIjnJJQ5k98hiT81aLWpy6c88MS0RQAgZXnDaOU X2ZcJ+JZ1buGQH3Ch3QoEALR7TKhI8+VHujy7gwnSMUlZStVrHoAik/485d+k08N N+Z5aNWoYK6lcd11OFi6uPy8DgEn2WUHFfQUesB/FhOnG8W7DQz4HiMoMFMAKEEe eA9O2bcLW7ukF1OUVwYBoWQGqdEufW7hiE7WOAeoYYzEJHAZGnxQ3bJK4GYx/Rha r0tanIYFhX58StENWU9alw4ECUdmQC3+F+bu81kjnD0TDQP9qwPjodo8jZ5MQJDK cAOjk4smgNMaN5bqbNb8fwmBgkLqwaQB7SiE1WlceTxqB6STdUBASaxXXAvMYlXd ualGDEm4wFUVyPRBUj8uSWQZbGHhZ0NEMFpyEAkQEHtAyPaGZJOwQLqbQnTEV6Ph jvOXOsOpzG7ijompBOnY8l7LelZXtKQjk/NRfBvgxfHKw5d1ShOiD5quTdF19JUW Ay+15DVGqjtIhAP4LX1gGLUlFoh8HJ81uQunxzEWvLBtEdQpbjzmm4QLNqUJ2hQM Bg0chUWHH5iq6PduuyPHosnatc/MvLZdwVz2FrL2YGbixeWoYDY2AfV0UGVjF1W6 K2oosELAh3jMxv9lGrP4nT0HwNU1NAgx5/fy5LXJ0nDewR0BIuZZMZmnS385/Ljb ZrkCDQRbLw2xARAA2jnRSZFdkcAwygf8BoyG9HurVqFb0t5SRZHEjFIl6wmdvlk1 3KszvyzRJ+8IEL3QQtdwTKZAMYT9HamclvwiiF92/12HwsTK1Ijn/ayAsWmHFhXv qlEaKtm/39Mj6M4b6wPkl5vy/TYoxj3CDGl8gWQHo/RmYOcDl61Twswt4uonUm4f O9V8x19mhxbap6CDsh6Eh64SxXRkyXaY1UPrd4V/TslyBsLz5L5sgIVVTvnNitSA nGhy77CwUiv3DkvoK6lc7/JvH1zf50/v3uequhTABeMuhdD5Vz7Zq6GYOSkDh/gP CfgBeL0W/vpWSVLyQC0dkC94yxN9R5SHKcae++IFFhSa3CNPiBLhZ/6dl3K1MV4r J0CY++RbYNHdrmQFA95HpiSfqcOGBZU5YfV+ErlsVqZFqBMP7edZtgT9kKW8NPQd Ldm4aClzBATnkI0wgAozq2FBacFosuNEUVCWap6vaJ1L0cJeIC7kzOmp3T/W/klE CfxHenEIoH5XlsIugHMAtdnWzAZv8LnLfCo7FsuUZXD7PhNvavNJUdQ2EaKC/DSy 0++6Il1wKvt26RPaMM0JtEdCO3AMoXVtfqLp0Er4FBUpHV6OtaVhlnqOhHh6O/Al mX8z90Okc/u+UBtwhgcXFyM3oA9JKEAIthFBi9871frBAbXS8Z9YJESLpQ0AEQEA AYkEcgQYAQgAJgIbAhYhBHyeaBUllGiIYtYq9i2a6AbsFZLiBQJdFHlbBQkDxp8q AkDBdCAEGQEIAB0WIQTMZLHbZ6u+7KsktkVfw0Yyl1P0sAUCWy8NsQAKCRBfw0Yy l1P0sMVTD/9tr7HkTQie+SPOrL/6BJr1/cAhU5Xv58IkMsuBmPO6uqmMar5gvvbe baafprB7MjK3b2pwTeaHvnSkeRDqMzpEWiy3sBN1S1wedXnEOmGYB8CTyDzgV3Dm GHbnvCmQv9agtiEgaGqR1xaZCkUQmjhTIVnpATyx14kZgxcLYhKYybI1w7YrZPJc GEt/ENUZQRNKac2/tu/GqiNnZ0ppCc0l7N9ZOoboqgzBXKGDbYJ97WO8XnGqrHK0 CDUVao2ji+xd6bi9aLXb0sNeRGeOKVqaHYg2NA/KdnPTQj8JnmSaZmpvFJJiLXiB /zjNWouYPNNRQidGhjHYlHgNz/mCkRBHhOhiPwz2ui15GSl8dUecNMkJaon+9NAm A2L7N0J5PA1ZB4ywrgc1ZSjxdRxTGGVrM0H+2R4ILA/gEYWRPLwEpOekX4Vlc2ME ajSA+eGlBVF/Qb5B8+u4Aegwsz1Iy+yYxJ/qxSS2xwDVvI1utifUfF/AXgM5FvW1 +3KmpaMTpr/+KHtUIdkM/DT62J9j+aCTcyXwAFlli2FsbvZBHEoir/EqJdFjxhXX nZmb85w2/eJTapQQ5lxAzeurRrhurl+Ai+cNSpJC++jAusIJ86mA7iZPyEic2G93 ivcyolhGJnkeUBlTJui6Spk48NcHlNl+H3kwNST+DIIlHK5RxG7n3AkQLZroBuwV kuKpzRAAk2xrnJQpvCu6ReduXRVX1V27f8/CaaKVll9zYu0ZQry/tmBc6403z6DZ 8UtnzdKBsbmEqa8R/51Hf0P0jQH6Y5QoRg2KTuh6uGbI7aqsnbJU3EY3xLrpv2VM OLgFkc3VvvpO302pt5sK+h2W74dvnY89pew8uKxYdoWulyl9/pF+dkJQoN94P+7K u1Xrw+p00V2JfFWP0D3qR7Lch6wIPfEvl5cfKXznluH/XsbKEjOk9C85RUHAWVrR mbd+I1HFgXL2EBPNsbB3eK0wTIsNBqaNPTwv3GpBiCl0Fbax4wUc6+K8uVp63d3F j2DlZSPrYJOk5vGrhv+7yZeMTbDH7VBPHRkdoWO/cWQYZlRAULzJLVLq0aN2x0Fb W/5gDJCEdHxIn93tSV5zN9twvfOtZA8yaGaVC6nP4tweEWk9I4kN6eP6cH573Mj5 3u/cvw19eEZeoHLU+6KsrwW7HTem3uhijnDtPQ/boQNHrDu6TbRGvlvunoEa4+jx NDg5N020EBdqWFdzoLZxQi4kwrbcavxTP4zKaIjMX4hkgs9Aiwea/AfhBtQHuKAF O2rYd8ULuSvrP5FAGB/Hjj1NulbVFKNDmRTFIg7iyuQUhod8j1y1wzhYiEraXyVP T8fUZnXiCxLMyUjJC7+hDOTD3t9mtKBXa8fbJ6Ji55VMcUi1+Z65Ag0EWy8NKQEQ ANgvR4yfdll+TkRX5lvgWYFnDj7/eeEwidfo8zO7/dbFzNw5FC2DM3T9VDX04eGy /wjb0+v5I85oObQBJ0yDM1ir/+p0piBCyMBoYfMZyCiYZipX0GLHQykrnK6j4goP qrlxAB6oUP+Hzb5MKJbsb7LYfGB670wC+9OnylTimTVZs2uBNm+E7HButG/YAbPG xTGCrKPmjHfR28ijyflayhemXQ46WktGD1Tu4E0yZS7XZM6UQTgcU7nGNE7kTB8p YAc/oRQaTQktN8AxD8AxlrlZ5ap5bNX8+eLr9Gm4CZjZIS7/6CujVerK2R5AJXzv tZwLRVP8LVCKG680bLei+/uPhCuiHYvo2B4DLKbTU6ojltXj4Qn7pwhsLiiFAB+P qeFj8T/puRibOzW7Ay9JQtWMUC1EPybeXKnLTEdNfrg3nIgKLrlZVO4VSoNCIV+M /1KLYFLTyYEzmUI4L8XC2QAwLQhF81Jg10COjQEOHn1hqdrm99bVU00IcPtkbTxw 4FoeGD6qJkry3bxRfquTEPGCGTYcTDezEoRbukmgdzk6KW0vn/g6rYBUL9KbrdV5 4OV9W7yqPjEyKTKNUbRzzpc6mgIPGXOYpsblhiJQYRHVYJMH264nd7oA77fAAnyn azw0Hp/e9Z57LNmG2ybjUCaB7+xmCBJAarK2M/J1PEbFABEBAAGJAjwEGAEIACYW IQR8nmgVJZRoiGLWKvYtmugG7BWS4gUCWy8NKQIbDAUJA8JnAAAKCRAtmugG7BWS 4sKID/9CF5QnNyKsfJoB+CuNNW1GN8JRcd9z9fmwrCtZr0STuP3tgJY96euM4xvU qbfuI+nLw0fa8yXOEOrrjMGyqzzMyaFiyFyXLEISQN+HMDMbsJHmvfeC0RUERtfA lVwrjebjDQetHTqJjSf///ZXJ6yfdO1Boz0Jik4U198GK8mVBVJrFtM28KRyiPpq oZEvCGEx3Gylk18yOtJntOR9H/u0xV34X7mXcrPbaf3D+uYgUPeHcWlI0H7mjl60 RdImesFXGSL40B0MG6vxXRHiH+j+32dvovNQPKPPOcJGxyep2AvQQDsY262FM9JU IX0Kx2WMsSAAveJ8549ffIRfyLegO3XGv107jCAjdD7KW8LLaKJsBcy9AtdWrjDu StmJo2yIWoUlg2Vd59//qu0pEUJLm5lZEVXa/bLspPIxedLstlwrasapczMOktb5 d/igt9OIUFUaEjaQUGKpyhHBm9zJD06cJs9MfvqEubuJzSsxkrOK2senPYw/RotV 0zfrtxefv6SKYmSDOy6xY0W2Gtrn3PhOkIdnT4L58e+5mQc1cWqbbbTnVpEc31HX 22kSzqWtWxbTcE3Y4SMOD9LvC7jhn6fNN9VBmSsFO5Mn70o4tqQrAueSJptVAvMw se4OaBNJn9XzeIwxbLoovDuICSramSXhNM6enfBeDy66tnLnFg== =haV9 -----END PGP PUBLIC KEY BLOCK----- ```

GiteaMirror referenced this issue 2025-11-02 12:04:05 -06:00

[PR #2010] [MERGED] Always return valid go-get meta, even if unauthorized #16179

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

release/v1.25

release/v1.24

release/v1.23

release/v1.22

release/v1.21

release/v1.20

release/v1.19

release/v1.18

release/v1.17

release/v1.16

release/v1.15

release/v1.14

release/v1.13

release/v1.12

release/v1.11

release/v1.10

release/v1.9

release/v1.8

v1.25.3

v1.25.2

v1.25.1

v1.25.0

v1.24.7

v1.25.0-rc0

v1.26.0-dev

v1.24.6

v1.24.5

v1.24.4

v1.24.3

v1.24.2

v1.24.1

v1.24.0

v1.23.8

v1.24.0-rc0

v1.25.0-dev

v1.23.7

v1.23.6

v1.23.5

v1.23.4

v1.23.3

v1.23.2

v1.23.1

v1.23.0

v1.23.0-rc0

v1.24.0-dev

v1.22.6

v1.22.5

v1.22.4

v1.22.3

v1.22.2

v1.22.1

v1.22.0

v1.23.0-dev

v1.22.0-rc1

v1.21.11

v1.22.0-rc0

v1.21.10

v1.21.9

v1.21.8

v1.21.7

v1.21.6

v1.21.5

v1.21.4

v1.21.3

v1.21.2

v1.20.6

v1.21.1

v1.21.0

v1.21.0-rc2

v1.21.0-rc1

v1.20.5

v1.22.0-dev

v1.21.0-rc0

v1.20.4

v1.20.3

v1.20.2

v1.20.1

v1.20.0

v1.19.4

v1.21.0-dev

v1.20.0-rc2

v1.20.0-rc1

v1.20.0-rc0

v1.19.3

v1.19.2

v1.19.1

v1.19.0

v1.19.0-rc1

v1.20.0-dev

v1.19.0-rc0

v1.18.5

v1.18.4

v1.18.3

v1.18.2

v1.18.1

v1.18.0

v1.17.4

v1.18.0-rc1

v1.19.0-dev

v1.18.0-rc0

v1.17.3

v1.17.2

v1.17.1

v1.17.0

v1.17.0-rc2

v1.16.9

v1.17.0-rc1

v1.18.0-dev

v1.16.8

v1.16.7

v1.16.6

v1.16.5

v1.16.4

v1.16.3

v1.16.2

v1.16.1

v1.16.0

v1.15.11

v1.17.0-dev

v1.16.0-rc1

v1.15.10

v1.15.9

v1.15.8

v1.15.7

v1.15.6

v1.15.5

v1.15.4

v1.15.3

v1.15.2

v1.15.1

v1.14.7

v1.15.0

v1.15.0-rc3

v1.14.6

v1.15.0-rc2

v1.14.5

v1.16.0-dev

v1.15.0-rc1

v1.14.4

v1.14.3

v1.14.2

v1.14.1

v1.14.0

v1.13.7

v1.14.0-rc2

v1.13.6

v1.13.5

v1.14.0-rc1

v1.15.0-dev

v1.13.4

v1.13.3

v1.13.2

v1.13.1

v1.13.0

v1.12.6

v1.13.0-rc2

v1.14.0-dev

v1.13.0-rc1

v1.12.5

v1.12.4

v1.12.3

v1.12.2

v1.12.1

v1.11.8

v1.12.0

v1.11.7

v1.12.0-rc2

v1.11.6

v1.12.0-rc1

v1.13.0-dev

v1.11.5

v1.11.4

v1.11.3

v1.10.6

v1.12.0-dev

v1.11.2

v1.10.5

v1.11.1

v1.10.4

v1.11.0

v1.11.0-rc2

v1.10.3

v1.11.0-rc1

v1.10.2

v1.10.1

v1.10.0

v1.9.6

v1.9.5

v1.10.0-rc2

v1.11.0-dev

v1.10.0-rc1

v1.9.4

v1.9.3

v1.9.2

v1.9.1

v1.9.0

v1.9.0-rc2

v1.10.0-dev

v1.9.0-rc1

v1.8.3

v1.8.2

v1.8.1

v1.8.0

v1.8.0-rc3

v1.7.6

v1.8.0-rc2

v1.7.5

v1.8.0-rc1

v1.9.0-dev

v1.7.4

v1.7.3

v1.7.2

v1.7.1

v1.7.0

v1.7.0-rc3

v1.6.4

v1.7.0-rc2

v1.6.3

v1.7.0-rc1

v1.7.0-dev

v1.6.2

v1.6.1

v1.6.0

v1.6.0-rc2

v1.5.3

v1.6.0-rc1

v1.6.0-dev

v1.5.2

v1.5.1

v1.5.0

v1.5.0-rc2

v1.5.0-rc1

v1.5.0-dev

v1.4.3

v1.4.2

v1.4.1

v1.4.0

v1.4.0-rc3

v1.4.0-rc2

v1.3.3

v1.4.0-rc1

v1.3.2

v1.3.1

v1.3.0

v1.3.0-rc2

v1.3.0-rc1

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.2.0-rc3

v1.2.0-rc2

v1.1.4

v1.2.0-rc1

v1.1.3

v1.1.2

v1.1.1

v1.1.0

v1.0.2

v1.0.1

v1.0.0

v0.9.99

Labels

Clear labels

$20

$250

$50

$500

backport/done

💎 Bounty

docs-update-needed

good first issue

hacktoberfest

issue/bounty

issue/confirmed

issue/critical

issue/duplicate

issue/needs-feedback

issue/not-a-bug

issue/regression

issue/stale

issue/workaround

lgtm/need 2

modifies/api

modifies/translation

outdated/backport/v1.18

outdated/theme/markdown

outdated/theme/timetracker

performance/bigrepo

performance/cpu

performance/memory

performance/speed

pr/breaking

proposal/accepted

proposal/rejected

pr/wip

pull-request

Mirrored from GitHub Pull Request

reviewed/wontfix

💰 Rewarded

skip-changelog

status/blocked

topic/accessibility

topic/api

topic/authentication

topic/build

topic/code-linting

topic/commit-signing

topic/content-rendering

topic/deployment

topic/distribution

topic/federation

topic/gitea-actions

topic/issues

topic/lfs

topic/mobile

topic/moderation

topic/packages

topic/pr

topic/projects

topic/repo

topic/repo-migration

topic/security

topic/theme

topic/ui

topic/ui-interaction

topic/ux

topic/webhooks

topic/wiki

type/bug

type/deprecation

type/docs

type/enhancement

type/feature

type/miscellaneous

type/proposal

type/question

type/refactoring

type/summary

type/testing

type/upstream

No Label type/docs

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/gitea#2010