Jeff King <peff@xxxxxxxx> writes:

> On Fri, Jun 13, 2014 at 10:06:10AM -0700, Junio C Hamano wrote:
> ...
>> and more, perhaps?
>
> That is certainly the direction I was thinking of when I suggested "git
> verify".
>
> However, I do not think it is too bad a thing to add a verify-commit
> that matches verify-tag, as long as they do the exact same thing
> (namely, check the gpg signature). We may find it is later obsoleted by
> "git verify --gpg-signature", but given that verify-tag is already there
> and will remain for compatibility, I don't think we are increasing the
> cognitive load too much.

Yup, I think we are exactly on the same page. Thanks for
sanity-checking.

> Your middle example above did make me think of one other thing, though.
> As you noted, we actually have _three_ signature types:
>
>   1. signed tags
>
>   2. signed commits
>
>   3. merges with embedded mergetag headers
>
> We already have a tool for (1). Michael is adding a tool for (2). How
> would one check (3) in a similar way?

Hmph, somehow I misread the patch that it was for both 2 & 3 X-<.
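
The three signature types listed in the quoted message, located in raw object text, as an added example that is not part of the original thread or of git's own code. The sample objects, IDs and names are constructed, and the code only finds where each signature is stored; checking it is still GnuPG's job.

```python
# Added example; every object below is constructed, not taken from a real repo.
PGP_BEGIN = "-----BEGIN PGP SIGNATURE-----"

def parse_headers(raw):
    """Split raw commit/tag text into ([(key, value)], body).

    A header line that starts with a space continues the previous header;
    that is how the multi-line gpgsig and mergetag values are stored."""
    head, _, body = raw.partition("\n\n")
    headers = []
    for line in head.split("\n"):
        if line.startswith(" ") and headers:
            key, value = headers[-1]
            headers[-1] = (key, value + "\n" + line[1:])
        else:
            key, _, value = line.partition(" ")
            headers.append((key, value))
    return headers, body

def signature_kinds(obj_type, raw):
    """Report which of the three signature types an object carries."""
    headers, body = parse_headers(raw)
    found = []
    if obj_type == "tag" and PGP_BEGIN in body:
        found.append("signed tag")             # (1) signature ends the tag body
    if obj_type == "commit":
        for key, value in headers:
            if key == "gpgsig":
                found.append("signed commit")  # (2) signature in a header
            elif key == "mergetag":            # (3) whole tag object embedded
                tag_headers, tag_body = parse_headers(value)
                if PGP_BEGIN in tag_body:
                    found.append("mergetag " + dict(tag_headers).get("tag", "?"))
    return found

def fold(value):
    """Indent continuation lines the way a commit header stores them."""
    return value.replace("\n", "\n ")

SIG = PGP_BEGIN + "\n\nCONSTRUCTED\n-----END PGP SIGNATURE-----"
TAG = ("object " + "1" * 40 + "\ntype commit\ntag v1.0\n"
       "tagger A U Thor <author@example.com> 1402678800 +0000\n\n"
       "release v1.0\n" + SIG + "\n")
COMMIT = ("tree " + "2" * 40 + "\nparent " + "3" * 40 + "\nparent " + "1" * 40 +
          "\nauthor A U Thor <author@example.com> 1402678800 +0000"
          "\ncommitter A U Thor <author@example.com> 1402678800 +0000"
          "\ngpgsig " + fold(SIG) + "\nmergetag " + fold(TAG.rstrip("\n")) +
          "\n\nMerge tag 'v1.0'\n")

if __name__ == "__main__":
    print(signature_kinds("tag", TAG))
    print(signature_kinds("commit", COMMIT))
```

A merge commit can carry both a `gpgsig` and a `mergetag` header, so a check that looks only at `gpgsig` says nothing about the embedded tag's signature.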