Michał Górny <mgorny@xxxxxxxxxx> writes: > Just a suggestion: since the raw signature is not very useful without > the commit data to check it against, and the commit data is non-trivial > to construct (requires mangling raw data anyway), maybe you could either > add another placeholder to get the data for signature verification, or > (alternatively or simultaneously) add a placeholder that prints both > data and signature in the OpenPGP message format (i.e. something you can > pass straight to 'gpg --verify'). Yeah, the last would be the most usable; anything short of that, I have to suspect that going from "cat-file commit", rather than using this new %Gsomething placeholder, would be more practical.
