[PATCH] Documentation: clarify signature verification

From: Keller Fuchs Uniformise the vocabulary used wrt. key/signature validity with OpenPGP: - a signature is valid if made by a key with a valid uid; - in the default trust-model, a uid is valid if signed by a trusted key; - a key is trusted if the (local) user set a

Re: [PATCH] Documentation: clarify signature verification v2

On Thu, May 12, 2016 at 10:08 PM, Junio C Hamano wrote: > Pranit Bauva writes: > >> Seems like Junio was waiting for someone to point this out[2]. > > Thanks. I think you covered most of them correctly; I only have one > thing to add. > >> * Comments

Re: [PATCH] Documentation: clarify signature verification v2

Pranit Bauva writes: > Seems like Junio was waiting for someone to point this out[2]. Thanks. I think you covered most of them correctly; I only have one thing to add. > * Comments are put after ---. So your paragraph > "Clarify which commits need to be signed. >

Re: [PATCH] Documentation: clarify signature verification v2

On Thu, May 12, 2016 at 1:34 PM, Pranit Bauva wrote: > On Thu, May 12, 2016 at 12:20 PM, Fox in the shell > wrote: >> >> Hi, >> >> Here is a second attempt at this patch. >> Sorry for the delay, life somewhat got in the way. >> > > Its okay! We

Re: [PATCH] Documentation: clarify signature verification v2

On Thu, May 12, 2016 at 12:20 PM, Fox in the shell wrote: > > Hi, > > Here is a second attempt at this patch. > Sorry for the delay, life somewhat got in the way. > Its okay! We understand that things might take a little more time than expected! > -- > Clarify which

[PATCH] Documentation: clarify signature verification v2

Hi, Here is a second attempt at this patch. Sorry for the delay, life somewhat got in the way. -- Clarify which commits need to be signed. Uniformise the vocabulary used wrt. key/signature validity with OpenPGP: - a signature is valid if made by a key with a valid uid; - in the default

Re: [PATCH] Documentation: clarify signature verification

KellerFuchs writes: > I would rather see something like > >> Verify that the tip commit of the side branch being merged is >> signed with a valid key, i.e. a key that has a valid uid: in the >> default trust model, this means it has been signed by a trusted

Re: [PATCH] Documentation: clarify signature verification

On Mon, Apr 11, 2016 at 09:41:22AM -0700, Junio C Hamano wrote: > KellerFuchs writes: > > The reason for the first edit is that “trusted” and “valid” are OpenPGP > > concepts: a key is trusted if the user set a trust level for it, > > and a uid is valid if it has been

Re: [PATCH] Documentation: clarify signature verification

KellerFuchs writes: > On Sun, Apr 10, 2016 at 11:46:10AM -0700, Junio C Hamano wrote: >> > --- a/Documentation/merge-options.txt >> > +++ b/Documentation/merge-options.txt >> > @@ -89,8 +89,10 @@ option can be used to override --squash. >> > >> > --verify-signatures::

Re: [PATCH] Documentation: clarify signature verification

On Sun, Apr 10, 2016 at 11:46:10AM -0700, Junio C Hamano wrote: > > --- a/Documentation/merge-options.txt > > +++ b/Documentation/merge-options.txt > > @@ -89,8 +89,10 @@ option can be used to override --squash. > > > > --verify-signatures:: > > --no-verify-signatures:: > > - Verify that the

Re: [PATCH] Documentation: clarify signature verification

The Fox in the Shell writes: > Hi, > > I encountered some issues with the git documentation while modifying > my deployment scripts to enforce that the tree being fetched was > signed by a trusted key. > > It was unclear which commits needed to be signed (in the case of

[PATCH] Documentation: clarify signature verification

Hi, I encountered some issues with the git documentation while modifying my deployment scripts to enforce that the tree being fetched was signed by a trusted key. It was unclear which commits needed to be signed (in the case of `git merge`) and what were the criteria for the signature to be