> > disable fetching keys from hkp servers. This way signature verification > > should fail. > > > > Thanks, > > -Santiago. > > This is not a deviation. GPG correctly recognizes difference between trusted, > untrusted and unknown levels. git on the other hand does not. Well it did until > the commit a4cc18f29. That one removed GPG exit code propagation. Oh wow. Sorry my assumption parted from looking at the code back in the day where this happens. I assumed git was quietly propagating the gpg error code and took it from there. Now that I think about it though, verify tag can verify more than one tag. I assume that this would make it difficult to propagate individual errors in trusting. I honestly don't know what's the best way to modify this behavior then. Thanks, -Santiago
Attachment:
signature.asc
Description: PGP signature