Jeff King <peff@xxxxxxxx> writes: > I'm still undecided on whether it is a better approach than making > sure the stdout we got looks sane. In particular I'd worry that it > would make things harder for somebody trying to plug in something > gpg-like (e.g., if you wanted to do something exotic like call a > program which fetched the signature from a remote device or > something). But it's probably not _that_ hard for such a script > to emulate --status-fd. I share the same thinking, but at the same time, it already is a requirement to give --status-fd output that is close enough on the signature verification side, isn't it? -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html