Fabian Stelzer <fs@xxxxxxxxxxxx> writes: > This behaviour changed during patch review and documentation no longer > matched it. > --- Thanks, you'd need to sign-off, to make this a standalone bugfix patch. > Documentation/config/gpg.txt | 4 +--- > 1 file changed, 1 insertion(+), 3 deletions(-) > > diff --git a/Documentation/config/gpg.txt b/Documentation/config/gpg.txt > index 51a756b2f1..4f30c7dbdd 100644 > --- a/Documentation/config/gpg.txt > +++ b/Documentation/config/gpg.txt > @@ -52,9 +52,7 @@ gpg.ssh.allowedSignersFile:: > SSH has no concept of trust levels like gpg does. To be able to differentiate > between valid signatures and trusted signatures the trust level of a signature > verification is set to `fully` when the public key is present in the allowedSignersFile. > -Therefore to only mark fully trusted keys as verified set gpg.minTrustLevel to `fully`. > -Otherwise valid but untrusted signatures will still verify but show no principal > -name of the signer. > +Otherwise the trust level is `undefined` and git verify-commit/tag will fail. > + > This file can be set to a location outside of the repository and every developer > maintains their own trust store. A central repository server could generate this
