Hi there, Some of you may remember me from my more active times... Anyways, a recent blog post about signed commits in git triggered me to look at our tools for that again. It seems that we only have the log/pretty family on the user facing side, but everything we need under the hood. So here's a suggestion to implement verify-commit in a way which is completely analogous to verify-tag. In fact, it could be coded more elegantly, but I kept it this way so that we could merge the two more easily in case we wish to do so. I will follow up with tests if the design principle is something we agree upon. Michael J Gruber (3): pretty: free the gpg status buf gpg-interface: provide access to the payload verify-commit: scriptable commit signature verification Documentation/git-verify-commit.txt | 28 +++++++++++ Makefile | 1 + builtin.h | 1 + builtin/merge.c | 1 + builtin/verify-commit.c | 98 +++++++++++++++++++++++++++++++++++++ command-list.txt | 1 + commit.c | 1 + git.c | 1 + gpg-interface.h | 1 + pretty.c | 2 + 10 files changed, 135 insertions(+) create mode 100644 Documentation/git-verify-commit.txt create mode 100644 builtin/verify-commit.c -- 2.0.0.533.gae2e602 -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html