Michael J Gruber wrote:
> Currently, git expects "-----BEGIN PGP SIGNATURE-----" at the beginning of a
> signature. But gpg uses "MESSAGE" instead of "SIGNATURE" when used with
> the "rfc1991" option. This leads to git's faling to verify it's own
> signed tags.
>
> Be more lenient and take "-----BEGIN PGP " as the indicator.
Another way to go might be to add --gnupg (or --openpgp) to the gpg
options used for tagging. That overrides an option like rfc1991 in
the gnupg config file.
Whether that's preferable to accepting these older-style messages is
debatable. Using rfc1991 implies pgp-2.x compatibility, which means
using md5 as the algorithm. It could be seen as a weakness to accept
such signatures.
(Oh, and you probably saw this already, but s/faling/failing. ;)
--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The best cure for insomnia is to get a lot of sleep.
-- W.C. Fields
Attachment:
pgp0WfkRKNu_g.pgp
Description: PGP signature