On Mon, Jun 16, 2014 at 01:34:20PM -0700, Junio C Hamano wrote: > > Your middle example above did make me think of one other thing, though. > > As you noted, we actually have _three_ signature types: > > > > 1. signed tags > > > > 2. signed commits > > > > 3. merges with embedded mergetag headers > > > > We already have a tool for (1). Michael is adding a tool for (2). How > > would one check (3) in a similar way? > > Hmph, somehow I misread the patch that it was for both 2 & 3 X-<. I was just assuming it handles only (2) without checking further, so I may be wrong. But I do not think it makes sense to conflate (2) and (3). A merge commit may have both, and they are separate signatures. For that matter, is there a way to expose (3) currently, besides via --show-signature? It does not trigger "%GG" and friends (nor should it). It may make sense to add extra format specifiers for mergetag signatures. Though I do not use them myself, so I am not clear on what the use case is besides a manual, human verification of a particular merge. -Peff -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html