
Gitlab 9.5 released - markdog12
https://about.gitlab.com/2017/08/22/gitlab-9-5-released/
======
jakebasile
It appears that the GPG support doesn't support subkey signing, commits signed
with my signing subkey do not show as verified, while the same commit on
GitHub does. Both GitHub and GitLab have the same public key export available,
and the same email addresses verified.

Examples:

[https://gitlab.com/jakebasile/gpg-sign-
test/commits/master](https://gitlab.com/jakebasile/gpg-sign-
test/commits/master)

[https://github.com/jakebasile/gpg-sign-
test/commits/master](https://github.com/jakebasile/gpg-sign-
test/commits/master)

Edit: it is possible I am just doing something wrong, I don't routinely sign
commits. But seeing as the exact same commit in GitHub shows as verified I
think there is a problem here.

~~~
kiallmacinnes
It wouldn't surprise me at all if subkeys got missed in v1 of the feature,
it's rare to use gpg, and even rarer to use subkeys :)

I'm sure if you file a bug with the details, they'll sort it it!

~~~
jakebasile
Looks like someone beat me to it!

[https://gitlab.com/gitlab-org/gitlab-
ce/issues/36829](https://gitlab.com/gitlab-org/gitlab-ce/issues/36829)

------
brylie
One of the main reasons we aren't using GitLab for our open source projects is
the network effect that GitHub enjoys. We work openly on GitHub, and many of
our stakeholders have GitHub accounts.

Are there any ways to manage a federated project, using GitLab as the primary
project management while still maintaining presence in the GitHub community?

~~~
blackst0ne
GitLab allows users to sign in using their GitHub accounts. It solves the
`everyone has a GitHub account` problem.

~~~
diggan
Not really, if "SamHouston" (not a real person, just example) has a Github
account but has yet to sign up/in with Gitlab, I cannot ping that person via a
comment on Gitlab no?

