"brian m. carlson" <sandals@xxxxxxxxxxxxxxxxxxxx> writes: > On 2021-11-11 at 09:16:52, Jeff King wrote: >> On Wed, Nov 10, 2021 at 02:11:29PM -0800, Junio C Hamano wrote: >> .... >> > + * In addition to GnuPG, ssh public crypto can be used for object and >> > + push-cert signing. Note that this feature cannot be used with >> > + ssh-keygen from OpenSSH 8.7, whose support for it is broken. Avoid >> > + using it unless you update to OpenSSH 8.8. >> >> Attaching to the existing gpg-ssh release note like this makes perfect >> sense to me. Thanks for tying this one up. > > Since this now affects running the testsuite on Debian unstable, we > probably need to also fix the testsuite such that the GPGSSH > prerequisite fails if we're using OpenSSH 8.7 so that developers and > distros aren't negatively affected. Yes, I think YYtgD8VT/0vuIHRX@xxxxxxxxxxxxxxxxxxxxxxx is a good thing to have, which is ca7a5bf4 (t/lib-gpg: avoid broken versions of ssh-keygen, 2021-11-10) that was merged a few days ago. Thanks for being extra careful.
