Anyone out there at GitHub: could you please add support for adding an SSH CA key to a repo and then enforcing that commits be signed with a certificate signed by that CA? This is already supported in git, and would let orgs just upload their CA and enforce signatures without needing to manage keys for individual users.
@mjg59
How does that support in git handle expiry?
@robryk what do you mean?
@robryk oh I see - got just calls out to SSH to handle this
Follow
That has a weird effect where you cannot repush a commit that was there already, if it got gced in the meantime, and where e.g. accepting a pull request might work differently depending where the source branch is (because it either does or does not involve adding the commits).
