
Docs for web-based commits

Merged Igor Drozdov requested to merge docs-web-commits-signing into master
1 unresolved thread
@@ -19,8 +19,6 @@ FLAG:
The availability of this feature is controlled by a feature flag.
For more information, see the history.
This feature is available for testing, but not ready for production use.
The availability of this feature is controlled by a feature flag.
For more information, see the history.
When you create a commit using the GitLab user interface, the commit is not pushed directly by you.
Instead, the commit is created on your behalf.
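Review bot: The flag note in this hunk tells the reader to "see the history" but never names the feature flag, so once the duplicated pair of sentences is dropped, the history entry is the only place an administrator can find which flag to enable. Please confirm that the history section of this page names the flag and its default state. The note also says the feature is "not ready for production use", so it is worth checking that the remaining sentences still read in the intended order after the removal.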
@@ -29,7 +27,8 @@ To sign these commits, GitLab uses a global key configured for the instance.
Because GitLab doesn't have access to your private key, the created commit can't be signed by using
the key associated with your account.
For example, if User A applies suggestions authored by User B, the commit contains the following:
For example, if User A applies [suggestions](../../merge_requests/reviews/suggestions.md)
authored by User B, the commit contains the following:
```plaintext
Author: User A <a@example.com>
@@ -50,7 +49,7 @@ To avoid confusion, when the commit is signed, the signature should belong to th
This is why you should [configure](../../../../administration/gitaly/configure_gitaly.md#configure-commit-signing-for-gitlab-ui-commits)
the `Committer` field to point to the instance itself.
For example, when this feature is enabled on GitLab.com, the `Committer` field will be: `GitLab <noreply@gitlab.com>`.
For example, when this feature becomes enabled on GitLab.com, the `Committer` field will be: `GitLab <noreply@gitlab.com>`.
GitLab provides multiple security features that rely on the `Committer` field to be set to the user who creates the commit.
For example:
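Review bot: "when this feature becomes enabled on GitLab.com, the `Committer` field will be" is awkward and stacks two future references in one sentence. Suggest "After this feature is enabled on GitLab.com, the `Committer` field is `GitLab <noreply@gitlab.com>`." Separately, the next context line says security features "rely on the `Committer` field to be set to the user who creates the commit", which sits directly after advice to point `Committer` at the instance. A short transition such as "However, GitLab provides..." would make the trade-off explicit to readers.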
@@ -70,7 +69,7 @@ which makes it possible to create commits on behalf of other users.
When commit signing is enabled, commits created using the REST API that have different `author_name`
and `author_email` than the user who sends the API request are rejected.
## Rebase from UI
## Rebasing from UI
When signing commits made in the UI is enabled and you rebase a merge request from the UI, the commits aren't signed.
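Review bot: Renaming the heading from "Rebase from UI" to "Rebasing from UI" changes the generated anchor, so any existing links to the old anchor need to be updated in the same merge request. The heading also drops the article that the body uses ("rebase a merge request from the UI"), so "Rebasing from the UI" would be consistent. Since this section states that rebased commits "aren't signed", consider adding a sentence on what a user should do if they need those commits signed.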