This is a bit of frustration post. I’m not a professional and some stuff is super confusing. And it might not even be programming only, as this seems to be a general issue when it comes to signing and security in computers. Every time I have to reinstall my operating system (its really only a few times in a decade), one of the things i fear most is signing into Github, signing keys and setting up local git on my Linux machine. I want the verified badge. Every time its a fight in understanding and doing the right steps, creating gpg keys and access tokens and such.
Am I the only one who struggles with this? Right now I have set it up and my test repository has the badge again. Do people care about this? Especially people like me who does a few little CLI and scripts and nothing else. Am I doing enterprise level security for the sake of an icon or is this really more secure? I do not have ANY professional background. As said I seem to have setup correctly now, so this is not asking for troubleshooting. Just wanted hear about your opinion and experience, and if any of you care.
Regarding access tokens, there’s a third party credential helper for Linux that uses OAuth. I recently found it and started using it a month ago. Works pretty much the same as Git + Windows Credential Manager. In case you are running headless, there is a device mode flag that will allow you to login with the GitHub app on your phone.
https://github.com/hickford/git-credential-oauth
(And if you layer a timed cache helper before the OAuth helper… well you shouldn’t have to reauthenticate every time!)
Otherwise, the Git manual lists some other credential helpers that interface with some password managers.
https://git-scm.com/doc/credential-helpers
My goal is to use git only. The problem for me is, this application “git-credential-oauth” is not in the official repository of my distribution. Which is a huge no-no for security related stuff in my opinion.