Jeff King <> writes:

> I realize this isn't really your itch to scratch. It's just that when I
> see a description like "verify a commit", I wonder what exactly "verify"
> means.

I think that is an important point.  If a tool only verifies the
signature of the commit when conceivably other aspect of it could
also be verified but we cannot decide how or we decide we should not
dictate one-way-fits-all, using a generic name "verify-commit" or
"verify" without marking that it is currently only on the signature
clearly somewhere might close the door to the future.

    git verify <object>::
        Verify whatever we currently deem is appropriate for the
        given type of object.

    git verify --gpg-signature::
        Verify the GPG signature for a signed tag, a signed commit,
        or a merge with signed tags.

    git verify --commit-author <committish>::
        Verify the GPG signer matches the "author " header of the

and more, perhaps?
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to
More majordomo info at

Reply via email to