That is an interesting idea. Is it limited to GPG signatures, or would it also work with SSH signatures? If it did, it would be neat if it could reuse root’ authorized SSH keys for example.
It currently only works with GPG. It relies on the Git signature feature and i don’t think it support another signature specification.
Since the goal is to authenticate the author of a commit, i don’t think SSH keys could be useful in this context (they could be used to authenticate a machine but not the commit author).
To be clear that we did not misunderstand each other, this is what I’m talking about:
@hexa ok, I got it. So, it is not supported by comin but would be nice! I created an issue to track this proposal: Use SSH keys for Git commit signature checks · Issue #73 · nlewo/comin · GitHub.
Actually, SSH keys could have better covered my needs, but i still use GPG for now (since it is implemented and tested).