On 9.8.2018 20:40, Junio C Hamano wrote: > Jeff King <peff@xxxxxxxx> writes: > >> I guess leaving it serves as a sort of cross-check if gpg would return a >> zero exit code but indicate in the status result that the signature was >> not good. Sort of a belt-and-suspenders, I guess (which might not be >> that implausible if we think about somebody wrapping gpg with a sloppy >> bit of shell code that loses the exit code -- it's their fault, but it >> might be nice for us to err on the conservative side). > OK, this time a real log message. Now it is possible to achieve git verify-tag/verify-commit exits unsuccessfully when signatures are not trusted. I would like to introduce some tests for this behavior to prevent this problem in the future. Thank you all for discussion and for solving the issue. Vojtech and Karel
