Rebrand artwork to TDE #7

See images below.

Rebrand images look good.

Thank you for your contribution!

Welcome Janek!! Good to have you contributing too 😄

@jstolarek
A note and a question.

when you create a commit, could you also use the -s flag in addition to -S? It adds the sign-off clause to it.
when can I import your public GPG key from? I tried a few known gpg servers but I can't seem to find it

Ok, I think I that when I replied email notification it was sent to an unsupervised mailbox. (Maybe notification emails should have the ReplyTo field set to user's email?) So, again:

I'm new to using GPG so apologies if I didn't get everything right.

when you create a commit, could you also use the -s flag in addition to -S? It adds the sign-off clause to it.

Ah, ok. I'm just relying on having gpgsign = true in my .gitconfig. Didn't realize the two flags aren't the same.

when can I import your public GPG key from? I tried a few known gpg servers but I can’t seem to find it

Where can I upload it to make it publicly available? At the moment it's just added to my gitea account.

Also, I'm working on two different machines and these have their own GPG keys each. I guess that's not how it's supposed to be done (like with SSH keys) but I'm yet to figure out the Right Way of doing things with GPG.

Ok, I think I that when I replied email notification it was sent to an unsupervised mailbox. (Maybe notification emails should have the ReplyTo field set to user's email?) So, again:

It's not a completely unmonitored mailbox – it comes to the administrator, now to me. There are two disadvantages to using a user address as a sender:

There would be a private discussion by e-mail instead of comments in TGW.
Emails could be rejected due to SPF if it were used on the user's domain.

The ideal solution would be if there was a gateway between email and TGW. Maybe we will prepare that sometime in the future…

I'm new to using GPG so apologies if I didn't get everything right.

when you create a commit, could you also use the -s flag in addition to -S? It adds the sign-off clause to it.

Ah, ok. I'm just relying on having gpgsign = true in my .gitconfig. Didn't realize the two flags aren't the same.

Yes, gpg signature and signed-off-by are two separate things that have two separate options. By adding a Signed-off-by signature you express your consent to the DCO, therefore it is required.

when can I import your public GPG key from? I tried a few known gpg servers but I can’t seem to find it

Where can I upload it to make it publicly available? At the moment it's just added to my gitea account.

Thanks to you uploaded your gpg key to TGW, your commits are green, because TGW knows your key and can therefore trust it.

In order for other users to verify the validity of your commits' signatures, they should be able to download your public key. Therefore, it is a good idea to upload your public key to key servers. Because GPG/PGP is based on mutual trust, it is also possible to verify and sign your key there, which will increase the credibility of your key.

The best available key server for uploading your public key seems to be http://keyserver.ubuntu.com/

Also, I'm working on two different machines and these have their own GPG keys each. I guess that's not how it's supposed to be done (like with SSH keys) but I'm yet to figure out the Right Way of doing things with GPG.

The GPG key is used to verify your identity, regardless of the machine you are currently using. Its trust is increased by having your key signed by other users. Therefore, it is common to use one GPG key and carefully guard your private key.

> Ok, I think I that when I replied email notification it was sent to an unsupervised mailbox. (Maybe notification emails should have the ReplyTo field set to user's email?) So, again: > It's not a completely unmonitored mailbox – it comes to the administrator, now to me. There are two disadvantages to using a user address as a sender: 1. There would be a private discussion by e-mail instead of comments in TGW. 2. Emails could be rejected due to SPF if it were used on the user's domain. The ideal solution would be if there was a gateway between email and TGW. Maybe we will prepare that sometime in the future… > I'm new to using GPG so apologies if I didn't get everything right. > > > when you create a commit, could you also use the -s flag in addition to -S? It adds the sign-off clause to it. > > Ah, ok. I'm just relying on having `gpgsign = true` in my .gitconfig. Didn't realize the two flags aren't the same. > Yes, gpg signature and signed-off-by are two separate things that have two separate options. By adding a Signed-off-by signature you express your consent to the DCO, therefore it is required. > > when can I import your public GPG key from? I tried a few known gpg servers but I can’t seem to find it > > Where can I upload it to make it publicly available? At the moment it's just added to my gitea account. > Thanks to you uploaded your gpg key to TGW, your commits are green, because TGW knows your key and can therefore trust it. In order for other users to verify the validity of your commits' signatures, they should be able to download your public key. Therefore, it is a good idea to upload your public key to key servers. Because GPG/PGP is based on mutual trust, it is also possible to verify and sign your key there, which will increase the credibility of your key. The best available key server for uploading your public key seems to be http://keyserver.ubuntu.com/ > Also, I'm working on two different machines and these have their own GPG keys each. I guess that's not how it's supposed to be done (like with SSH keys) but I'm yet to figure out the Right Way of doing things with GPG. The GPG key is used to verify your identity, regardless of the machine you are currently using. Its trust is increased by having your key signed by other users. Therefore, it is common to use one GPG key and carefully guard your private key.

@SlavekB, thanks for explaining all the GPG stuff. I'll probably need to do a little bit of research on my side, but my public keys should be available on the public servers. (I've seen a mention that the servers synchronize with eachother?)

All good, singature found, imported and signed 😄

Rebrand artwork to TDE #7

Reviewers