Michael J Gruber wrote:
> Currently, git expects "-----BEGIN PGP SIGNATURE-----" at the beginning of a
> signature. But gpg uses "MESSAGE" instead of "SIGNATURE" when used with
> the "rfc1991" option. This leads to git's faling to verify it's own
> signed tags.
>
> Be more lenient and take "-----BEGIN PGP " as the indicator.

Another way to go might be to add --gnupg (or --openpgp) to the gpg
options used for tagging.  That overrides an option like rfc1991 in
the gnupg config file.

Whether that's preferable to accepting these older-style messages is
debatable.  Using rfc1991 implies pgp-2.x compatibility, which means
using md5 as the algorithm.  It could be seen as a weakness to accept
such signatures.

(Oh, and you probably saw this already, but s/faling/failing. ;)

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The best cure for insomnia is to get a lot of sleep.
    -- W.C. Fields