Roberto Machorro

Roberto Machorro

Software Developer

© 2020

Dark Mode

GitHub Signed Commits

If you have used GitHub for more than a couple of years, you probably have an anonymous address that looks something like this: username@users.noreply.github.com. This prevents bots and spiders from picking up your address on commit history.

You may also use GnuPG to sign your commits, you may have noticed that your fancy Verified is now an ugly Unverified label on your new commits. It happened to me. 🙀

The solution came by updating the anonymous e-mail from GitHub, you can find out what yours is by going to their E-mail Settings page. It should look like randomid-username@users.noreply.github.com.

That is your new fake e-mail. Next, you need to associate your new e-mail with the GPG key. Then update your Git configuration by setting your new commit e-mail address.

You are almost done. Go to SSH and GPG keys and update your key if necessary. At this point, any new commits should be Verified!

You don’t need to, but if you share signed files or e-mail, you may want to update the keyserver.

gpg --send-keys <KEYID>