Am Tue, 10 Jul 2018 13:01:10 -0400 schrieb Jeff King <peff@xxxxxxxx>: > On Tue, Jul 10, 2018 at 10:52:30AM +0200, Henning Schild wrote: > > > diff --git a/Documentation/config.txt b/Documentation/config.txt > > index c0bd80954..b6f9b47d5 100644 > > --- a/Documentation/config.txt > > +++ b/Documentation/config.txt > > @@ -1830,7 +1830,7 @@ gpg.program:: > > > > gpg.format:: > > Specifies which key format to use when signing with > > `--gpg-sign`. > > - Default is "openpgp", that is also the only supported > > value. > > + Default is "opengpg" and another possible value is > > "x509". > > opengpg? Right, thanks! > Since we're having so much fun with naming discussions, let's talk > about "x509". :) > > That's the cert format. I think of these signatures as S/MIME, but > really that's the mail-oriented parts of the standard. I think > technically this is "CMS". > > That said, we should pick what most people will find natural when > referring to it. So maybe x509 isn't the worst choice, as I doubt most > people know the term CMS. Probably the term they know _most_ is > "gpgsm", but I think the point is that one does not have to be using > gpgsm in the first place. Ok, but now that you mention it, i will include the string "gpgsm" into Documentation/config.txt somewhere. Maybe other documentation bits could use hints that gpg is not the only kid in town anymore. > So I dunno. I think I talked myself back into x509. ;) Ok, will stick to it. Henning > > diff --git a/gpg-interface.c b/gpg-interface.c > > index 65098430f..bf8d567a4 100644 > > --- a/gpg-interface.c > > +++ b/gpg-interface.c 
> > @@ -16,13 +16,18 @@ struct gpg_format_data { > > > > #define PGP_SIGNATURE "-----BEGIN PGP SIGNATURE-----" > > #define PGP_MESSAGE "-----BEGIN PGP MESSAGE-----" > > +#define X509_SIGNATURE "-----BEGIN SIGNED MESSAGE-----" > > > > -enum gpgformats { PGP_FMT }; > > +enum gpgformats { PGP_FMT, X509_FMT }; > > struct gpg_format_data gpg_formats[] = { > > { .format = "openpgp", .program = "gpg", > > .extra_args_verify = { "--keyid-format=long" }, > > .sigs = { PGP_SIGNATURE, PGP_MESSAGE } > > }, > > + { .format = "x509", .program = "gpgsm", > > + .extra_args_verify = { NULL }, > > + .sigs = { X509_SIGNATURE, NULL } > > + }, > > Extremely minor nit, but if there are no other uses of PGP_SIGNATURE > etc outside of this array (as I hope there wouldn't be after this > series), would it make more sense to just include the literals inline > in the array definition? That's one less layer of indirection when > somebody is reading the code. > > -Peff
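Review bot: The added gpg.format line in Documentation/config.txt gives the default as "opengpg", which matches neither entry in gpg_formats[] from the gpg-interface.c part of this patch, where the default is registered as `.format = "openpgp"`. Correct the spelling to "openpgp". The same paragraph could also state that "x509" runs gpgsm, since the visible documentation text does not say which program that value selects.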
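Review bot: In the gpg-interface.c hunk, the new x509 entry in gpg_formats[] is placed positionally, and nothing in the visible lines ties its slot to X509_FMT in enum gpgformats. If the enum values are used as indexes into the array, as their placement directly above it suggests, designated initializers such as `[PGP_FMT] = { ... }` and `[X509_FMT] = { ... }` would keep the two in step when a format is later added or reordered. A short comment on the struct saying that `.extra_args_verify` and `.sigs` are NULL-terminated lists would also explain why the x509 entry writes `{ NULL }` and `{ X509_SIGNATURE, NULL }` while the openpgp entry writes no terminator.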