Jeff King <p...@peff.net> writes:
> On Fri, Jun 13, 2014 at 10:06:10AM -0700, Junio C Hamano wrote:
>> and more, perhaps?
> That is certainly the direction I was thinking of when I suggested "git
> However, I do not think it is too bad a thing to add a verify-commit
> that matches verify-tag, as long as they do the exact same thing
> (namely, check the gpg signature). We may find it is later obsoleted by
> "git verify --gpg-signature", but given that verify-tag is already there
> and will remain for compatibility, I don't think we are increasing the
> cognitive load too much.
Yup, I think we are exactly on the same page.
Thanks for sanity-checking.
> Your middle example above did make me think of one other thing, though.
> As you noted, we actually have _three_ signature types:
> 1. signed tags
> 2. signed commits
> 3. merges with embedded mergetag headers
> We already have a tool for (1). Michael is adding a tool for (2). How
> would one check (3) in a similar way?
Hmph, somehow I misread the patch that it was for both 2 & 3 X-<.
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html