Hi, The git merge command has a --verify-signatures flag, which, when set, checks that the commits to be merged have trusted GPG signatures. git pull also knows this flag and forwards it to the merge command. However, doing a git pull --rebase --verify-signatures silently ignores it, since rebase has no --verify-signatures flag. Is there any technical reason why rebase should not have a --verify-signatures flag? I have written a patch to git-rebase--am which enables it to do such a check. If there is no reason not to include it I'd add documentation and a test and submit it. Otherwise I think git pull should warn, or even die with an error, if both --rebase and --verify-signatures are passed. Regards, Alexander Hirsch -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html