Re: [PATCH] tag,verify-tag: do not trip over rfc1991 signatures

Michael J Gruber <git@xxxxxxxxxxxxxxxxxxxx> writes:

> Currently, git expects "-----BEGIN PGP SIGNATURE-----" at the beginning of a
> signature. But gpg uses "MESSAGE" instead of "SIGNATURE" when used with
> the "rfc1991" option. This leads to git's failing to verify its own
> signed tags.
>
> Be more lenient and take "-----BEGIN PGP " as the indicator.

Thanks, but it bothers me that the patch is a bit inconsistently lenient.

How many variants of PGP implementations are there?  For example, I'd ask
these without doing my own research because I am lazy:

 1. Does everybody place five dashes at the beginning (IOW, is there an
    odd variant that puts four or six)?

 2. Does everybody follow the dashes immediately with "BEGIN" (IOW, is
    there an odd variant that puts a SP between them)?

 3. Does everybody spell "BEGIN PGP " the same way, in all uppercase?

 4. Does everybody place five dashes at the end (IOW, is there an odd
    variant that puts four or six)?

 5. Does everybody follow the "BEGIN PGP SOMETHING" immediately with
    dashes without SP?

Your patch seems to answer <yes, yes, yes, no, no> to the above questions.
I'd find it saner if the patched code at least checked that the line ends
with 5 dashes.
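The check asked for in the reply above, written out as an added example; it is not git's code and not the patch under discussion. The function names are hypothetical, and restricting the label to uppercase letters and single spaces is an assumption of this sketch. It accepts both the "SIGNATURE" and the rfc1991 "MESSAGE" form, and rejects lines that merely start with "-----BEGIN PGP " or that carry four or six trailing dashes.

```c
#include <stddef.h>
#include <string.h>

#define ARMOR_HEAD "-----BEGIN PGP "
#define ARMOR_TAIL "-----"

/*
 * Hypothetical helper: return 1 if line[0..len) has the form
 * "-----BEGIN PGP <LABEL>-----". len excludes the newline; one
 * trailing CR is tolerated.
 */
static int is_pgp_armor_header(const char *line, size_t len)
{
	const size_t head = strlen(ARMOR_HEAD), tail = strlen(ARMOR_TAIL);
	size_t i;

	if (len && line[len - 1] == '\r')
		len--;
	/* need the head, at least one label character, and the tail */
	if (len < head + 1 + tail)
		return 0;
	if (memcmp(line, ARMOR_HEAD, head))
		return 0;
	if (memcmp(line + len - tail, ARMOR_TAIL, tail))
		return 0;
	/* Assumed label charset: A-Z and single interior spaces. Dashes
	 * are excluded, so a sixth trailing dash is rejected as well. */
	for (i = head; i < len - tail; i++) {
		char c = line[i];
		if (c >= 'A' && c <= 'Z')
			continue;
		if (c == ' ' && i > head && i + 1 < len - tail && line[i - 1] != ' ')
			continue;
		return 0;
	}
	return 1;
}

/* Return the offset of the first armor header line in buf, or len if none. */
static size_t find_signature_start(const char *buf, size_t len)
{
	size_t pos = 0;

	while (pos < len) {
		const char *eol = memchr(buf + pos, '\n', len - pos);
		size_t linelen = eol ? (size_t)(eol - (buf + pos)) : len - pos;

		if (is_pgp_armor_header(buf + pos, linelen))
			return pos;
		pos += linelen + (eol ? 1 : 0);
	}
	return len;
}
```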