configure pre-commit

This commit is contained in:
Aminda Suomalainen ⚧ 2023-05-09 13:33:23 +03:00
parent 865f3b509b
commit 226af3433d
SSH Key Fingerprint: SHA256:CXLULpqNBdUKB6E6fLA1b/4SzG0HvKD19PbIePU175Q
3 changed files with 68 additions and 16 deletions

View File

@ -8,5 +8,7 @@ charset = utf-8
indent_style = tab indent_style = tab
indent_size = tab indent_size = tab
[*.{markdown,md}] [*.{markdown,md,yaml}]
trim_trailing_whitespace = false trim_trailing_whitespace = false
indent_style = space
indent_size = 2

39
.pre-commit-config.yaml Normal file
View File

@ -0,0 +1,39 @@
ci:
# Forĝejo/Gitea mirrors will autoclose pull requests. This should decrease
# the frequency of unnecessary PRs.
# https://github.com/pre-commit-ci/issues/issues/83
autoupdate_schedule: quarterly
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.4.0
hooks:
- id: check-added-large-files
- id: check-case-conflict
- id: check-executables-have-shebangs
- id: check-shebang-scripts-are-executable
- id: destroyed-symlinks
- id: detect-private-key
- id: end-of-file-fixer
- id: fix-byte-order-marker
- id: trailing-whitespace
exclude_types: [markdown]
- repo: https://github.com/thlorenz/doctoc
rev: v2.2.0
hooks:
- id: doctoc
args: [--update-only]
- repo: https://github.com/pre-commit/mirrors-prettier
rev: "v3.0.0-alpha.9-for-vscode"
hooks:
- id: prettier
- repo: https://github.com/editorconfig-checker/editorconfig-checker.python
rev: "2.7.1"
hooks:
- id: editorconfig-checker
alias: ec
# I don't actually care about line lengths as more than a guideline
args: [-disable-max-line-length]

View File

@ -6,6 +6,17 @@ subsequent validations.
WoT? [Web Of Trust](https://en.wikipedia.org/wiki/Web_of_trust) WoT? [Web Of Trust](https://en.wikipedia.org/wiki/Web_of_trust)
<!-- START doctoc generated TOC please keep comment here to allow auto update -->
<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
- [Why?](#why)
- [Inclusion policy](#inclusion-policy)
- [Places to check for keys](#places-to-check-for-keys)
- [Mirrors](#mirrors)
- [See also](#see-also)
<!-- END doctoc generated TOC please keep comment here to allow auto update -->
## Why? ## Why?
For example, I use [Tor Browser](https://torproject.org/) everywhere and For example, I use [Tor Browser](https://torproject.org/) everywhere and
@ -13,11 +24,11 @@ download it directly from their website. They have signed it using GPG (a
OpenPGP implementation) and to ensure it hasn't been tampered with, I have OpenPGP implementation) and to ensure it hasn't been tampered with, I have
to check that signature and I have two options: to check that signature and I have two options:
* I can always [verify the signature](https://support.torproject.org/tbb/how-to-verify-signature/), - I can always [verify the signature](https://support.torproject.org/tbb/how-to-verify-signature/),
but that takes time and I would need to verify it from both [support.torproject.org](https://support.torproject.org/tbb/how-to-verify-signature/) but that takes time and I would need to verify it from both [support.torproject.org](https://support.torproject.org/tbb/how-to-verify-signature/)
and [4bflp2c4tnynnbes.onion](http://4bflp2c4tnynnbes.onion/#how-to-verify-signature). and [4bflp2c4tnynnbes.onion](http://4bflp2c4tnynnbes.onion/#how-to-verify-signature).
But what if [they were compromised or I was under a MITM attack or lazy and verfied only one version](https://www.qubes-os.org/faq/#should-i-trust-this-website)? But what if [they were compromised or I was under a MITM attack or lazy and verfied only one version](https://www.qubes-os.org/faq/#should-i-trust-this-website)?
* (or) I could verify the signing key carefully once, sign (or certify) it - (or) I could verify the signing key carefully once, sign (or certify) it
by myself and in the future simply verify that my own key is valid (as I by myself and in the future simply verify that my own key is valid (as I
have been doing this a few times on the other side of dualbooting and at have been doing this a few times on the other side of dualbooting and at
family). family).
@ -33,30 +44,30 @@ control what people do with the signatures from this repository).
## Inclusion policy ## Inclusion policy
* I am reasonably certain that the key belongs to whom it claims to belong - I am reasonably certain that the key belongs to whom it claims to belong
to or I trust the key to belong to whomever it belongs to. to or I trust the key to belong to whomever it belongs to.
* I have some need of the key or have attended keysigning party with the - I have some need of the key or have attended keysigning party with the
key owner. key owner.
* `me/me.asc` is just my key and place where I try to keep all signatures it - `me/me.asc` is just my key and place where I try to keep all signatures it
has received. Symlinks are legacy reasons and other me's are also me. has received. Symlinks are legacy reasons and other me's are also me.
## Places to check for keys ## Places to check for keys
* GitHub, Gitea and GitLab expose user public keys when you append a `.gpg` - GitHub, Gitea and GitLab expose user public keys when you append a `.gpg`
after their profile page (`.keys` for SSH). after their profile page (`.keys` for SSH).
* [The Internet Archive's Waybackmachine](https://web.archive.org/) is always - [The Internet Archive's Waybackmachine](https://web.archive.org/) is always
a good place too especially when using together with official websites. a good place too especially when using together with official websites.
* Some people have similar projects or webpages for this purpose - Some people have similar projects or webpages for this purpose
* [Artemis' verify page](https://artemislena.eu/services/verify.html) - [Artemis' verify page](https://artemislena.eu/services/verify.html)
## Mirrors ## Mirrors
* main: [git.blesmrt.net/Mikaela/pgp-alt-wot](https://gitea.blesmrt.net/mikaela/pgp-alt-wot/) - main: [git.blesmrt.net/Mikaela/pgp-alt-wot](https://gitea.blesmrt.net/mikaela/pgp-alt-wot/)
* [git.piraattipuolue.fi/Mikaela/pgp-alt-wot](https://git.piraattipuolue.fi/mikaela/pgp-alt-wot) - [git.piraattipuolue.fi/Mikaela/pgp-alt-wot](https://git.piraattipuolue.fi/mikaela/pgp-alt-wot)
* [git.com.de/Mikaela/pgp-alt-wot](https://git.com.de/mikaela/pgp-alt-wot) ([onion](http://gitea.qzzf2qcfbhievvs5nzkccuwddroipy62qjocqtmgcgh75vd6w57m7yad.onion/Mikaela/pgp-alt-wot)) - [git.com.de/Mikaela/pgp-alt-wot](https://git.com.de/mikaela/pgp-alt-wot) ([onion](http://gitea.qzzf2qcfbhievvs5nzkccuwddroipy62qjocqtmgcgh75vd6w57m7yad.onion/Mikaela/pgp-alt-wot))
## See also ## See also
* [Qubes OS: On Digital Signatures and Key Verification](https://www.qubes-os.org/security/verifying-signatures/) - [Qubes OS: On Digital Signatures and Key Verification](https://www.qubes-os.org/security/verifying-signatures/)
* [Finnish Digital and Population Services Agency certificate search](https://dvv.fineid.fi/certificate-search) - [Finnish Digital and Population Services Agency certificate search](https://dvv.fineid.fi/certificate-search)
* S/MIME, not OpenPGP though - S/MIME, not OpenPGP though