I forgot to sign a commit and pushed it to github, how can I sign the same commit and push it again so that github shows the verified tag for it. (or is it possible, if not, then what's the best solution)
Asked
Active
Viewed 2,216 times
2
pokemon
- 710
- 1
- 5
- 10
-
1Are you willing to rewrite history and force push? – Jeff Puckett Jul 03 '16 at 22:07
-
@Jeff Puckett II : That is fine for me, no problem with that – pokemon Jul 03 '16 at 22:35
-
Possible duplicate of https://superuser.com/questions/1144817/is-it-a-good-idea-to-gpg-sign-old-git-commits – Michael Freidgeim Nov 25 '20 at 14:10
-
Does this answer your question? [Is there a way to gpg sign all previous commits?](https://stackoverflow.com/questions/41882919/is-there-a-way-to-gpg-sign-all-previous-commits) – Michael Freidgeim May 05 '22 at 21:07
1 Answers
0
Any modification of a commit, including signing it, will create a new commit that then replaces the old one. You should never modify an already published commit since that will mess up the repositories of all other contributors.
The easiest solution here is to just accept that you didn’t sign it and keep it that way. Publishing unsigned commits is not an uncommon thing, so you shouldn’t worry about it.
Of course, you could also amend the commit and repush it using the force flag; but again, this will mess up other’s repositories, so do that only if you are really sure of the implications.
In doubt, ask the project owners what you should do.
poke
- 369,085
- 72
- 557
- 602