From: Fox in the shell <KellerFuchs@hashbang.sh>
To: git@vger.kernel.org
Cc: "Michael J. Gruber" <git@drmicha.warpmail.net>,
"Brian M. Carlson" <sandals@crustytoothpaste.ath.cx>,
Junio C Hamano <gitster@pobox.com>
Subject: [PATCH] Documentation: clarify signature verification v2
Date: Thu, 12 May 2016 06:50:22 +0000 [thread overview]
Message-ID: <20160512065022.GA32387@hashbang.sh> (raw)
Hi,
Here is a second attempt at this patch.
Sorry for the delay, life somewhat got in the way.
--
Clarify which commits need to be signed.
Uniformise the vocabulary used wrt. key/signature validity with OpenPGP:
- a signature is valid if made by a key with a valid uid;
- in the default trust-model, a uid is valid if signed by a trusted key;
- a key is trusted if the (local) user set a trust level for it.
Thanks to Junio C Hamano <gitster@pobox.com> for reviewing
the first attempt at this patch.
---
Documentation/merge-options.txt | 7 +++++--
Documentation/pretty-formats.txt | 4 ++--
2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/Documentation/merge-options.txt b/Documentation/merge-options.txt
index f08e9b8..30808a0 100644
--- a/Documentation/merge-options.txt
+++ b/Documentation/merge-options.txt
@@ -89,8 +89,11 @@ option can be used to override --squash.
--verify-signatures::
--no-verify-signatures::
- Verify that the commits being merged have good and trusted GPG signatures
- and abort the merge in case they do not.
+ Verify that the tip commit of the side branch being merged is
+ signed with a valid key, i.e. a key that has a valid uid: in the
+ default trust model, this means the signing key has been signed by
+ a trusted key. If the tip commit of the side branch is not signed
+ with a valid key, the merge is aborted.
--summary::
--no-summary::
diff --git a/Documentation/pretty-formats.txt b/Documentation/pretty-formats.txt
index 671cebd..29b19b9 100644
--- a/Documentation/pretty-formats.txt
+++ b/Documentation/pretty-formats.txt
@@ -143,8 +143,8 @@ ifndef::git-rev-list[]
- '%N': commit notes
endif::git-rev-list[]
- '%GG': raw verification message from GPG for a signed commit
-- '%G?': show "G" for a Good signature, "B" for a Bad signature, "U" for a good,
- untrusted signature and "N" for no signature
+- '%G?': show "G" for a good (valid) signature, "B" for a bad signature,
+ "U" for a good signature with unknown validity and "N" for no signature
- '%GS': show the name of the signer for a signed commit
- '%GK': show the key used to sign a signed commit
- '%gD': reflog selector, e.g., `refs/stash@{1}`
--
2.1.4
next reply other threads:[~2016-05-12 6:50 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-05-12 6:50 Fox in the shell [this message]
2016-05-12 8:04 ` [PATCH] Documentation: clarify signature verification v2 Pranit Bauva
2016-05-12 8:08 ` Pranit Bauva
2016-05-12 16:38 ` Junio C Hamano
2016-05-12 17:32 ` Pranit Bauva
2016-05-13 9:37 ` KellerFuchs
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160512065022.GA32387@hashbang.sh \
--to=kellerfuchs@hashbang.sh \
--cc=git@drmicha.warpmail.net \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=sandals@crustytoothpaste.ath.cx \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).