On Mon, Apr 22, 2019 at 12:02:11PM -0400, Jeff King wrote: > On Mon, Apr 22, 2019 at 11:46:56AM -0400, Santiago Torres Arias wrote: > > > > In some ways I'm less concerned about verify-tag, though, because the > > > point is that it should be scriptable. And scraping gpg's stderr is not > > > ideal there. We should be parsing --status-fd ourselves and making the > > > result available via format specifier, similar to the way "log > > > --format=%G?" works. > > > > I think that would be great, as we could make it simpler for verifiers > > to parse gpg output. > > Alternatively, we could make it an option to dump the --status-fd output > to stderr (or to a custom fd). That still leaves the caller with the > responsibility to parse gpg's output, but at least they're parsing the > machine-readable bits and not the regular human-readable stderr. Don't we already have that for verify-tag and verify-commit? I recall adding "--raw" for that very reason: genre ok % git verify-tag --raw v2.21.0 [GNUPG:] NEWSIG [GNUPG:] KEYEXPIRED 1442879137 [GNUPG:] KEYEXPIRED 1505842336 [GNUPG:] KEY_CONSIDERED 96E07AF25771955980DAD10020D04E5A713660A7 0 [GNUPG:] KEYEXPIRED 1442879137 [GNUPG:] SIG_ID NZHib/GfN4TzXBhuI9ABwYXqluE 2019-02-24 1551023739 [GNUPG:] KEYEXPIRED 1442879137 [GNUPG:] KEYEXPIRED 1505842336 [GNUPG:] KEY_CONSIDERED 96E07AF25771955980DAD10020D04E5A713660A7 0 [GNUPG:] KEYEXPIRED 1442879137 [GNUPG:] KEYEXPIRED 1505842336 [GNUPG:] KEY_CONSIDERED 96E07AF25771955980DAD10020D04E5A713660A7 0 [GNUPG:] EXPKEYSIG B0B5E88696AFE6CB Junio C Hamano [GNUPG:] KEYEXPIRED 1442879137 [GNUPG:] KEYEXPIRED 1505842336 [GNUPG:] KEY_CONSIDERED 96E07AF25771955980DAD10020D04E5A713660A7 0 [GNUPG:] KEYEXPIRED 1442879137 [GNUPG:] KEYEXPIRED 1505842336 [GNUPG:] KEY_CONSIDERED 96E07AF25771955980DAD10020D04E5A713660A7 0 [GNUPG:] VALIDSIG E1F036B1FEE7221FC778ECEFB0B5E88696AFE6CB 2019-02-24 1551023739 0 4 0 1 8 00 96E07AF25771955980DAD10020D04E5A713660A7 [GNUPG:] KEYEXPIRED 1442879137 [GNUPG:] KEYEXPIRED 1505842336 [GNUPG:] KEY_CONSIDERED 96E07AF25771955980DAD10020D04E5A713660A7 0 [GNUPG:] KEYEXPIRED 1442879137 [GNUPG:] KEYEXPIRED 1505842336 [GNUPG:] KEY_CONSIDERED 96E07AF25771955980DAD10020D04E5A713660A7 0 [GNUPG:] KEYEXPIRED 1442879137 [GNUPG:] KEYEXPIRED 1505842336 [GNUPG:] KEY_CONSIDERED 96E07AF25771955980DAD10020D04E5A713660A7 0 [GNUPG:] TOFU_USER 96E07AF25771955980DAD10020D04E5A713660A7 gitster@pobox.com [GNUPG:] TOFU_STATS 2 1 0 auto 1555974073 1555974073 0 0 2 1 0 [GNUPG:] TOFU_STATS_LONG gitster@pobox.com: Verified 1~signature in the past 0~seconds. Encrypted%0A0 messages. [GNUPG:] TOFU_USER 96E07AF25771955980DAD10020D04E5A713660A7 jch@google.com [GNUPG:] TOFU_STATS 2 1 0 auto 1555974073 1555974073 0 0 2 1 0 [GNUPG:] TOFU_STATS_LONG jch@google.com: Verified 1~signature in the past 0~seconds. Encrypted 0%0Amessages. [GNUPG:] TOFU_USER 96E07AF25771955980DAD10020D04E5A713660A7 junio@pobox.com [GNUPG:] TOFU_STATS 2 1 0 auto 1555974073 1555974073 0 0 2 1 0 [GNUPG:] TOFU_STATS_LONG junio@pobox.com: Verified 1~signature in the past 0~seconds. Encrypted%0A0 messages. [GNUPG:] VERIFICATION_COMPLIANCE_MODE 23 The idea was that users might want to restrict signatures to using subkeys or certain algorithms or what-have-you, and this was the easiest way to let people have all of that power. -- brian m. carlson: Houston, Texas, US OpenPGP: https://keybase.io/bk2204