@codeberg hiya, I have a question. When I choose the default trust model, which one of the three is it going to be? The description says, that it will be the default «for this installation» 🤔

@kytta looks like it is "committer".

I think there was an issue for this, but I'm not sure what was the motivation for this.

@codeberg ahh, thank you.

I would guess that the motivation was to match the behaviour of GitHub many would be familiar with 🤷🏻‍♂️

@kytta yeah, especially with confusing setups.

But matching the expected "GitHub" behaviour is quite troublesome at times. Not sure about that one, but it usually feels like people expect us to support some non-standard legacy stuff, just because someone thought this was better. 😉

@kytta @codeberg

Yes it is an option to mimic github behaviour (which can be tricked easily)

Long story: there was a long discussion about when gitea should mark signed commits as trusted. And we had a more secury config people did not expect. So there was a high demand to do it "github like" but nobody (of us maintainer) wanted to revert a more secure default config

So now you can configure it

Sign in to participate in the conversation

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.