Re: [PATCH 1/1] verify-tag/verify-commit should exit unsuccessfully when signature is not trusted

On Fri, Aug 03, 2018 at 12:06:34PM -0400, Jeff King wrote: > On Fri, Aug 03, 2018 at 11:43:44AM -0400, Santiago Torres wrote: > > > > This is not a deviation. GPG correctly recognizes difference between > > > trusted, > > > untrusted and unknown levels. git on the other hand does not. Well it

Re: [PATCH 1/1] verify-tag/verify-commit should exit unsuccessfully when signature is not trusted

understand why it was done. Decision if signature validity is reported as error should be on GPG not on git specially when there is almost no configuration possibility for GPG in git. Note that our proposed change is conservative and drawn as a unification of behavior of pull/merge and verify-*. To