Sean Whitton writes ("Re: Bug#1091868: debian-policy: Document Git-Tag-Tagger
and Git-Tag-Info fields"):
> It's from the VALIDSIG line as documented here:
> <https://github.com/gpg/gnupg/blob/master/doc/DETAILS>.
>
> The text there doesn't guarantee that the fingerprint will be the
> signing subkey, if there is one, but somewhat implies that it will be.
>
> I'm not sure we want to tie ourselves down in the way that you are
> suggesting. What do you think, Ian
How about we just reference that? (I know we're trying to get away
from gnupg, but I don't want to get hung up on this, here.)
Ian.
--
Ian Jackson <ijack...@chiark.greenend.org.uk> These opinions are my own.
Pronouns: they/he. If I emailed you from @fyvzl.net or @evade.org.uk,
that is a private address which bypasses my fierce spamfilter.
