Mariusz Gronczewski <xani666@xxxxxxxxx> writes:
> What is really missing is an ability to display used key ID without
> hammering git log output with regexps, it would be much easier to
> validate incoming commits if there was format option to just display
> key ID instead of signer name. %GS isn't really good solution for that
> because it will show only one of email addresses used in the key and
> script checking signatures would have to always pick "right" one.
The %G<anything> pretty modifiers other than %GG were done mostly as
placeholders.
I think the following would be a good way to refine them:
- %GG, and possibly "log --show-signature" should run GPG under
the user's LANG.
- %G? is mostly useless, unless it is made to always mean "does
it verify crypto-wise" and nothing else. One bit is simply
too small to represent all the cases where you may or may not
have the signer's key, or you may have the key but you do not
have enough trust in it (e.g. the key may be expired, revoked,
or not enough confidence in your web of trust).
- The "right" one you mention for %GS is easier than you might
think. If you just verify against the accompanying "tagger"
identity, that should be sufficient. It of course cannot be
generally solved, as you could tag as person A while signing
with key for person B, but a simple social convention would
help us out there: if you tag as Mariusz Gronczewski, your
signature should also say so.
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html