dolmen 7 hours ago

About signing keys, it would make sense to stop using a signing key (marking it as such and deleting it) once you stop a job.

Your signing key for personal projects probably has a different temporality.

notpushkin 6 hours ago | parent [-]

> About signing keys, it would make sense to stop using a signing key (marking it as such and deleting it) once you stop a job.

What does this achieve exactly?

necovek 2 hours ago | parent [-]

Nobody can steal it and sign with your key so that a commit appears as if it was signed by a regular committer to a work project, which would pass the verification if there is any on the repo or CI/CD side (if that's not restricting keys by time period). The scenario is certainly a bit far-fetched and contorted, but it is possible.
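
The time-period restriction mentioned in the last comment, sketched as an added example that is not part of the thread: a verifier-side check against an SSH `allowed_signers` list using its `valid-after` / `valid-before` options. Assumptions: the sample entries and key blobs are constructed placeholders, timestamps are treated as UTC, quoted option values are not handled, and `trusted_time` is a time the server controls (such as push receipt), since commit dates are set by the committer.

```python
from datetime import datetime, timezone

# Constructed sample in ssh-keygen(1) ALLOWED SIGNERS format; key blobs are placeholders.
ALLOWED_SIGNERS = """\
# key retired when the engagement ended
alice@example.com valid-after=20230101Z,valid-before=20240701Z ssh-ed25519 AAAAC3PLACEHOLDERALICE
bob@example.com ssh-ed25519 AAAAC3PLACEHOLDERBOB
"""

KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")

def parse_ts(value):
    """Parse YYYYMMDD or YYYYMMDDHHMM[SS] with optional trailing Z (UTC assumed here)."""
    value = value.rstrip("Z")
    fmt = {8: "%Y%m%d", 12: "%Y%m%d%H%M", 14: "%Y%m%d%H%M%S"}[len(value)]
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)

def parse_allowed_signers(text):
    """Return a list of (principal, key_blob, valid_after, valid_before)."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        principals, rest = fields[0], fields[1:]
        after = before = None
        if not rest[0].startswith(KEY_PREFIXES):  # an options field is present
            for opt in rest[0].split(","):
                name, _, val = opt.partition("=")
                if name == "valid-after":
                    after = parse_ts(val)
                elif name == "valid-before":
                    before = parse_ts(val)
            rest = rest[1:]
        blob = rest[1]  # rest[0] is the key type
        for principal in principals.split(","):
            entries.append((principal, blob, after, before))
    return entries

def key_accepted(entries, principal, blob, trusted_time):
    """Accept only a listed key whose validity window contains trusted_time."""
    for p, b, after, before in entries:
        if p == principal and b == blob:
            if after and trusted_time < after:
                return False
            if before and trusted_time > before:
                return False
            return True
    return False  # unknown principal/key pair: reject
```
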