On Sun, 2018-11-04 at 15:10 +0000, brian m. carlson wrote: > On Sun, Nov 04, 2018 at 10:47:10AM +0100, Michał Górny wrote: > > diff --git a/t/t7510-signed-commit.sh b/t/t7510-signed-commit.sh > > index e8377286d..86d3f93fa 100755 > > --- a/t/t7510-signed-commit.sh > > +++ b/t/t7510-signed-commit.sh > > @@ -197,9 +197,9 @@ test_expect_success GPG 'show bad signature with custom format' ' > > test_expect_success GPG 'show untrusted signature with custom format' ' > > cat >expect <<-\EOF && > > U > > - 61092E85B7227189 > > + 65A0EEA02E30CAD7 > > Eris Discordia <discord@xxxxxxxxxxx> > > - D4BE22311AD3131E5EDA29A461092E85B7227189 > > + F8364A59E07FFE9F4D63005A65A0EEA02E30CAD7 > > D4BE22311AD3131E5EDA29A461092E85B7227189 > > EOF > > git log -1 --format="%G?%n%GK%n%GS%n%GF%n%GP" eighth-signed-alt >actual && > > @@ -209,7 +209,7 @@ test_expect_success GPG 'show untrusted signature with custom format' ' > > test_expect_success GPG 'show unknown signature with custom format' ' > > cat >expect <<-\EOF && > > E > > - 61092E85B7227189 > > + 65A0EEA02E30CAD7 > > It's my understanding that GnuPG will use the most recent subkey > suitable for a particular purpose, and I think the test relies on that > behavior. However, I'm not sure that's documented. Do we want to rely > on that behavior or be more explicit? (This is a question, not an > opinion.) To be honest, I don't recall which suitable subkey is used. However, it definitely will prefer a subkey with signing capabilities over the primary key if one is present, and this is well-known and expected behavior. In fact, if you have a key with two signing subkeys A and B and it considers A better, then even if you explicitly pass keyid of B, it will use A. To force another subkey you have to append '!' to keyid. Therefore, I think this is a behavior we can rely on. -- Best regards, Michał Górny
Attachment:
signature.asc
Description: This is a digitally signed message part