As promised a while ago, here is a little series that describes the signature formats that we use in Git. The series sets up the the basic structure first and then describes each format in one patch. The series grew out of my own efforts to get an overview and structure my understanding before I can set about refactoring what we have. Things that became apparent immediately: - We don't support verifying push certificates, although they fit in with git verify-tag. Patch has been submitted, and this series documents the result already (git verify-tag --blob). - We don' support verifying signed merge tags other than by using log/show, which is not quite fit for scripting. - We have signature parsing code all over the place, including places that should probably abstract more, such as tag.c and log-tree.c. - We may want to give more support for deciding about the trustworthiness of signatures, the same way we export information to receive hooks in the presence of push certificates. (Give information, don't decide.) Michael J Gruber (5): Documentation/technical: describe signature formats Documentation/technical: signed tag format Documentation/technical: signed commit format Documentation/technical: signed merge tag format Documentation/technical: push certificate format Documentation/Makefile | 1 + Documentation/technical/signature-format.txt | 242 +++++++++++++++++++++++++++ 2 files changed, 243 insertions(+) create mode 100644 Documentation/technical/signature-format.txt -- 2.9.0.382.g87fd384 -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html