Format string %G? includes state 'N', which is described as "no signature".
If you try to verify a commit or push for which you have no key (and you don't automatically fetch from the keyservers [1]), then the format string ALSO contains 'N', which is incorrect. It should be possible to differentiate between a commit/push with NO signature, and a commit/push signed with an unknown key. In the case of verifying signed pushes before accepting them, this is critical to providing a useful error message to the user. Presently, if %G? evaluates to 'N', then none of the GIT_PUSH_CERT* env vars are set. In the case of the signed push with the unknown key, they should remain set. [1] Eg, if you have an externally curated keyring and use trust-model always. -- Robin Hugh Johnson Gentoo Linux: Developer, Infrastructure Lead, Foundation Trustee E-Mail : robb...@gentoo.org GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
signature.asc
Description: Digital signature
