On Mon, Apr 22, 2019 at 11:07:01PM +0000, brian m. carlson wrote: > On Mon, Apr 22, 2019 at 12:02:11PM -0400, Jeff King wrote: > > On Mon, Apr 22, 2019 at 11:46:56AM -0400, Santiago Torres Arias wrote: > > > > > > In some ways I'm less concerned about verify-tag, though, because the > > > > point is that it should be scriptable. And scraping gpg's stderr is not > > > > ideal there. We should be parsing --status-fd ourselves and making the > > > > result available via format specifier, similar to the way "log > > > > --format=%G?" works. > > > > > > I think that would be great, as we could make it simpler for verifiers > > > to parse gpg output. > > > > Alternatively, we could make it an option to dump the --status-fd output > > to stderr (or to a custom fd). That still leaves the caller with the > > responsibility to parse gpg's output, but at least they're parsing the > > machine-readable bits and not the regular human-readable stderr. > > Don't we already have that for verify-tag and verify-commit? I recall > adding "--raw" for that very reason: Heh. Today I learned about "--raw". :) Thanks for pointing it out. I do still think it would be nice for some cases to have --format specifiers to get the basic info, but I am glad that we already have a reasonable method that scripts can use. It might make sense to make it available from the git-tag porcelain, too, but since the point is scripting, I'm not sure it's all that important. It looks like using "--format" suppresses it, too, which we'd probably want to fix (presumably it's the same as the fix for the non-raw output). > The idea was that users might want to restrict signatures to using > subkeys or certain algorithms or what-have-you, and this was the easiest > way to let people have all of that power. Yeah, that makes perfect sense. -Peff
