RE:How to get some replacement for a commit list

[PICCA Frederic-Emmanuel <frederic-emmanuel.picca@synchrotron-soleil.fr>]

> I have submitted a pull request with such a script:

>  https://salsa.debian.org/mehdi/salsa-scripts/merge_requests/2/commits

Hello,

Is it just me or...

I find that this token things is a regression from a security point of view.
I did my best to put my pgp private key on a nitrokey device. And I use the gpg-agent in order to deal with ssh.

So now I have no private (gpg and ssh) keys on my computers.

Now it seems that we need to put somewhere on computers the token in orde to use these scripts.

Is it possibble to use the gpg-agent in order to manage this salsa api manipulation ?

Cheers

Frédéric