Currently, we look at the user facing output of gpg, which is LANG dependent as well as insecure.
After this series, we look at the status output (--status-fd) which is designed for that purpose. As an additional benefit, we can read off the key which was used for the signature, which is important for assigning trust. All existing tests pass with this. BTW: git branch --set-upstream-to= coredumps when on a detached head. Michael J Gruber (5): gpg-interface: check good signature in a reliable way log-tree: rely upon the check in the gpg_interface gpg_interface: allow to request status return pretty: parse the gpg status lines rather than the output pretty: make %GK output the signing key for signed commits Documentation/pretty-formats.txt | 1 + builtin/fmt-merge-msg.c | 2 +- builtin/verify-tag.c | 2 +- gpg-interface.c | 18 +++++++++++++++--- gpg-interface.h | 2 +- log-tree.c | 27 ++++++++++++--------------- pretty.c | 19 +++++++++++++++---- 7 files changed, 46 insertions(+), 25 deletions(-) -- 18.104.22.168.797.ge0260c7 -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html