Currently, we look at the user facing output of gpg, which is LANG dependent as
well as insecure.

After this series, we look at the status output (--status-fd) which is designed
for that purpose. As an additional benefit, we can read off the key which was 
for the signature, which is important for assigning trust.

All existing tests pass with this.

BTW: git branch --set-upstream-to= coredumps when on a detached head.

Michael J Gruber (5):
  gpg-interface: check good signature in a reliable way
  log-tree: rely upon the check in the gpg_interface
  gpg_interface: allow to request status return
  pretty: parse the gpg status lines rather than the output
  pretty: make %GK output the signing key for signed commits

 Documentation/pretty-formats.txt |  1 +
 builtin/fmt-merge-msg.c          |  2 +-
 builtin/verify-tag.c             |  2 +-
 gpg-interface.c                  | 18 +++++++++++++++---
 gpg-interface.h                  |  2 +-
 log-tree.c                       | 27 ++++++++++++---------------
 pretty.c                         | 19 +++++++++++++++----
 7 files changed, 46 insertions(+), 25 deletions(-)


To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to
More majordomo info at

Reply via email to