On Tue, Jul 31, 2018 at 10:05:22PM +0200, Vojtech Myslivec wrote:
> Hello,
> 
> me and my colleague are struggling with automation of verifying git
> repositories and we have encountered that git verify-commit and
> verify-tag accepts untrusted signatures and exit successfully.

I don't have strong feelings on your change one way or the other, but
for automation it may be useful to use the --raw flag, which gives you
the raw gpg output and much greater control.  For example, you can
require that a subkey is or is not used or require certain algorithms.

I will say that most signatures are untrusted in my experience, so
unless people are using TOFU mode or making local signatures, git will
exit nonzero for most signatures.  I think the current status is to exit
on a good signature, even if it isn't necessarily a valid signature.

I'm interested to hear others' thoughts on this.
-- 
brian m. carlson: Houston, Texas, US
OpenPGP: https://keybase.io/bk2204