Dear git mailing list, Dear Mike Gerwitz, according to http://mikegerwitz.com/papers/git-horror-story#script-trust the output of: git log --pretty="format:%H$t%aN$t%s$t%G?" --show-signature should look like this: ----- f72924356896ab95a542c495b796555d016cbddd Mike Gerwitz Yet another foo gpg: Signature made Sun 22 Apr 2012 01:37:26 PM EDT using RSA key ID 8EE30EAB gpg: Good signature from "Mike Gerwitz (Free Software Developer) <mike@xxxxxxxxxxxxxxx>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 2217 5B02 E626 BC98 D7C0 C2E5 F22B B815 8EE3 0EAB afb1e7373ae5e7dae3caab2c64cbb18db3d96fba Mike Gerwitz Modified bar G ----- But when I run that command, spaces are missing. (Using a user that does not know my gpg public key for testing purposes.) See output: ----- user2@host:/home/user/testrepo$ git log --pretty="format:%H$t%aN$t%s$t%G?" --show-signature gpg: Signature made Thu 04 Dec 2014 04:37:58 PM UTC using RSA key ID 77BB3C48 gpg: Good signature from "Patrick Schleizer <adrelanos@xxxxxxxxxx>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 916B 8D99 C38E AF5E 8ADC 7A2A 8D66 066A 2EEA CCDA Subkey fingerprint: 6E97 9B28 A6F3 7C43 BE30 AFA1 CB8D 50BB 77BB 3C48 529bbc076f05c13023580ea7be7ba63aba3e9672Patrick Schleizersigned commit 2U gpg: Signature made Thu 04 Dec 2014 04:29:32 PM UTC using RSA key ID 77BB3C48 gpg: Good signature from "Patrick Schleizer <adrelanos@xxxxxxxxxx>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 916B 8D99 C38E AF5E 8ADC 7A2A 8D66 066A 2EEA CCDA Subkey fingerprint: 6E97 9B28 A6F3 7C43 BE30 AFA1 CB8D 50BB 77BB 3C48 ea1615ac1a9fe9f957f91f54a33a60d57828a32fPatrick Schleizersigned commitU 75e79a211963907afd3a6d2f28c3571d37140231Patrick Schleizerreal long commit msg Please enter the commit message for your changes. Lines starting with '#' will be ignored, and an empt 30096d1633ef22463c1a770288755ae5325f1242Patrick Schleizer2N e7be12378d2805bebe531bd01cbec9dec1f79032Patrick Schleizerinitial commitN (END) ----- Any idea? Am I doing something wrong? I am asking, because therefore Mike Gerwitz's Quote "Signature Check Script With Web Of Trust" verification script ( http://mikegerwitz.com/papers/git-horror-story#script-trust ) does not work for me. Mike, could you please put your various git commit verification helper scripts into a publicly visible? By the way, any chance that these useful helper scripts could make their way into the official distribution of git as a stopgap until native git commit verification support gets improved? Cheers, Patrick -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html