Include NOREPLY address when parsing SSH signature

[markdascher]

Feature Description

SSH signatures are only recognized on commits with real email addresses:

gitea/models/asymkey/ssh_key_commit_verification.go

Lines 39 to 45 in 6fe756d

	activated := false
	for _, e := range committerEmailAddresses {
	if e.IsActivated && strings.EqualFold(e.Email, c.Committer.Email) {
	activated = true
	break
	}
	}

For comparison, GPG signatures include NOREPLY logic already:

gitea/models/asymkey/gpg_key.go

Lines 272 to 274 in 0ebb45c

	if user.KeepEmailPrivate && strings.EqualFold(email, user.GetEmail()) {
	return true, user.GetEmail()
	}

Should there be similar logic for SSH signatures? Otherwise I'd need to reveal my real email address in order to use SSH signatures.

Screenshots

No response

[brian6932]

This behavior doesn't match the default behavior of platforms like GitHub, GitLab, and Codeberg, it adds a lot of undocumented confusion, and forces you to expose email addresses. Forgejo, and by extension Codeberg have already patched this behavior. The whole UI for email addresses on Gitea, is a complete mess. Having to swap between the /user/settings and /user/settings/account pages, just to simply manage your emails is absurd. GitHub (/settings/emails) and GitLab (/-/profile/emails) have dedicated tabs for email management. GitLab's one isn't very good, as a few email specific settings are still under /-/user_settings/profile, but it's still miles better than Gitea in this regard.

Should there be similar logic for SSH signatures? Otherwise I'd need to reveal my real email address in order to use SSH signatures.

Yes.

[lunny]

I sent #35043 to allow noreply email address can be used when signing with ssh key.