Details
-
Suggestion
-
Resolution: Unresolved
-
None
-
None
-
1
-
Description
Problem Definition
Bitbucket does store user's GPG keys so that commits can be verified when pushing them to Bitbucket. As the keys are already stored in Bitbucket, it'd be great to have the option to download those by other users so that they can verify commits from other users locally.
Right now, the REST API endpoing GET /rest/gpg/1.0/keys only allows you to export fingerprints and not keys. In addition, to download other users' keys you need to be an admin.
Suggested Solution
Have the ability for other user's to download your own and other users' GPG public key so that you can verify other users commits locally.
Workaround
No workaround other than using a separate solution as a key management server.