This is my first time posting here, so please let me know if I’m doing something wrong. Thanks .
I often use the
git cli rather than the GitHub website to verify commits. Sometimes, I’ll either use the GitHub website to make a quick, one-line fix, or I’ll be working with someone who uses the website to write some code, and I’ll need to verify their commit. No problem, I think to myself, preparing to use
git verify-commit as I always do.
$ git verify-commit <hash> gpg: Signature made Wed May 19 20:23:48 2021 EDT gpg: using RSA key 4AEE18F83AFDEB23 gpg: Can't check signature: No public key
Uh oh! I can’t verify the commit because I don’t have GitHub’s public key. I was wondering if it is published anywhere, or if I can get it somewhere to do these verifications with the command line?
Thank you so much!