Junio C Hamano <gitster@xxxxxxxxx> writes: > Carlo Marcelo Arenas Belón <carenas@xxxxxxxxx> writes: > >> As discussed[1] earlier, make sure there are no surprises when ssh-keygen >> crashes on some users of OpenSSH 8.7 that are trying ssh signing. >> >> [1] https://lore.kernel.org/git/xmqqsfycs21q.fsf@gitster.g/ >> >> Signed-off-by: Carlo Marcelo Arenas Belón <carenas@xxxxxxxxx> >> --- >> Documentation/RelNotes/2.34.0.txt | 3 +++ >> 1 file changed, 3 insertions(+) >> >> diff --git a/Documentation/RelNotes/2.34.0.txt b/Documentation/RelNotes/2.34.0.txt >> index effab2ea4b..54dcc7240d 100644 >> --- a/Documentation/RelNotes/2.34.0.txt >> +++ b/Documentation/RelNotes/2.34.0.txt >> @@ -8,6 +8,9 @@ Backward compatibility notes >> >> * The "--preserve-merges" option of "git rebase" has been removed. >> >> + * The upcoming ssh signing feature is broken if used together with >> + OpenSSH 8.7, avoid using it if you cannot update to OpenSSH 8.8 >> + (or stay at 8.6) > > That may be correct, but it is NOT a backward compatibility note. So, here is what I plan to do. diff --git c/Documentation/RelNotes/2.34.0.txt w/Documentation/RelNotes/2.34.0.txt index effab2ea4b..6ed8b92e10 100644 --- c/Documentation/RelNotes/2.34.0.txt +++ w/Documentation/RelNotes/2.34.0.txt @@ -77,7 +77,10 @@ UI, Workflows & Features * "git fsck" has been taught to report mismatch between expected and actual types of an object better. - * Use ssh public crypto for object and push-cert signing. + * In addition to GnuPG, ssh public crypto can be used for object and + push-cert signing. Note that this feature cannot be used with + ssh-keygen from OpenSSH 8.7, whose support for it is broken. Avoid + using it unless you update to OpenSSH 8.8. * "git log --grep=string --author=name" learns to highlight hits just like "git grep string" does.
