howto/Registry-Authentication.md
... ...
@@ -4,7 +4,17 @@
4 4
5 5
When a pull request is submitted to the registry, the submitter signs the git commit hash with their private key. The registry maintainers will then check the signature against the registered public key to authorise the change.
6 6
7
-The signature and verification process varies depending on the type of public key within the `auth` attribute.
7
+The signature and verification process varies depending on the type of public key within the `auth` attribute.
8
+
9
+---
10
+
11
+*The registry now contains an experimental script 'sign-my-commit' which can authentication requests using PGP or generic SSH key signing. Users are encouraged to use the script where possible as it will help with automating pull request reviews.*
12
+
13
+*Run `./sign-my-commit --help` to get usage information.*
14
+
15
+*If the script fails, please report the problem using the registry issue log (or better fix it and submit a PR!). You can always sign your commit manually using the methods below.*
16
+
17
+---
8 18
9 19
#### Finding the commit hash
10 20