git@vger.kernel.org mailing list mirror (one of many)
From: Junio C Hamano <gitster@pobox.com>
To: Hans Jerry Illikainen <hji@dyntopia.com>,
	"brian m. carlson" <sandals@crustytoothpaste.net>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
	Git List Mailing <git@vger.kernel.org>
Subject: Re: Signed commit regression?
Date: Fri, 28 Feb 2020 10:24:33 -0800
Message-ID: <xmqqlfomefj2.fsf@gitster-ct.c.googlers.com>
In-Reply-To: <xmqqpndyeim1.fsf@gitster-ct.c.googlers.com> (Junio C. Hamano's message of "Fri, 28 Feb 2020 09:17:58 -0800")

Junio C Hamano <gitster@pobox.com> writes:

> Linus Torvalds <torvalds@linux-foundation.org> writes:
>
>> On Fri, Feb 28, 2020 at 8:44 AM Linus Torvalds
>> <torvalds@linux-foundation.org> wrote:
>>>
>>> I suspect it's due to this commit:
>>>
>>>   72b006f4bf ("gpg-interface: prefer check_signature() for GPG verification")
>>>
>>> but as mentioned I don't have the ability to really dig deeper right now.
>>
>> Never mind - I did a mindless "just revert that and test", and it
>> indeed is that commit.
>>
>> Please revert it in upstream git. The "No signature" message really is
>> horribly wrong. It's both technically entirely wrong, but it's wrong
>> from a UI standpoint too since you really need to show what the
>> missing key was.
>
> True---the messages that told you the missing piece of information
> with the original code came directly from gnupg, and the problematic
> change stopped showing that and replaced it with the generic (and
> wrong) "We tried to verify signature and it failed---it must be that
> the input did not have signature" message.
>
> It is in v2.25 already, so we'd need to revert it out of 'maint'; it
> seems to have a minimum fallout on a topic in flight, but it looks
> manageable.

I've prepared a topic to revert that commit and it is now in the
middle of 'pu'; it will get merged down to 'next', 'master' and
'maint' in due course as other topics.

Brian's SHA-256 (1/4) topic had a couple of changes that depended on
the GPG interface API from 72b006f4 ("gpg-interface: prefer
check_signature() for GPG verification", 2019-11-27), so I ejected
them out of the topic for now:

    - tag: store SHA-256 signatures in a header
    - gpg-interface: improve interface for parsing tags

In the longer term, however, we do want an updated GPG interface
layer that lets us achieve what 72b006f4 wanted to, namely

 - have a single entry point into GPG interface API, so that the
   changes in the future can be centralized;

 - not to depend _too_ heavily on GnuPG's behaviour.  The pieces
   of information that were lost from our output and made Linus upset
   were given to the end-user by us parroting what gpg said without
   the code really understanding what is being said, and we should
   instead make our code aware of _why_ verify_signed_buffer() or
   check_signature() has failed, and make sure we report that to
   the callers.

I'd expect that there may be another round of attempts to update the
GPG interface.  Let's make sure we won't lose info given to the
end-users while doing so.

Thanks.
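
The second goal in the message above is for the code to know why verification failed instead of repeating gpg's text. As an added illustration (not Git's code and not part of this thread), the C sketch below classifies GnuPG's machine-readable `--status-fd` lines so that a missing public key is reported with its key id rather than collapsed into "no signature"; the enum, the function names and the sample key id are hypothetical.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical outcome codes, ordered best to worst; not Git's own types. */
enum sig_result { SIG_UNKNOWN, SIG_GOOD, SIG_NONE, SIG_MISSING_KEY, SIG_BAD };

/* Argument text if line starts with "[GNUPG:] <kw> " (9-byte prefix), else NULL. */
static const char *status_arg(const char *line, const char *kw)
{
    size_t klen = strlen(kw);
    if (strncmp(line, "[GNUPG:] ", 9) || strncmp(line + 9, kw, klen) ||
        line[9 + klen] != ' ')
        return NULL;
    return line + 9 + klen + 1;
}

/* Classify gpg --status-fd text. Keywords count only at the start of a line and
 * a worse outcome is never replaced by a better one; keyid receives the key id. */
enum sig_result classify_gpg_status(const char *status, char *keyid, size_t n)
{
    enum sig_result res = SIG_UNKNOWN, seen;
    const char *line = status, *arg;

    keyid[0] = '\0'; /* caller must pass n >= 1 */
    while (line && *line) {
        const char *nl = strchr(line, '\n');
        seen = SIG_UNKNOWN;
        if ((arg = status_arg(line, "BADSIG")))
            seen = SIG_BAD;
        else if ((arg = status_arg(line, "NO_PUBKEY")))
            seen = SIG_MISSING_KEY;
        else if (status_arg(line, "NODATA"))
            seen = SIG_NONE;
        else if (status_arg(line, "GOODSIG"))
            seen = SIG_GOOD;
        if (seen > res && arg)
            snprintf(keyid, n, "%.*s", (int)strcspn(arg, " \n"), arg);
        if (seen > res)
            res = seen;
        line = nl ? nl + 1 : NULL;
    }
    return res;
}

int main(void)
{
    char id[32]; /* constructed sample: signature made by a key we do not have */
    const char *s = "[GNUPG:] ERRSIG 0123456789ABCDEF 1 8 00 1582900000 9 -\n"
                    "[GNUPG:] NO_PUBKEY 0123456789ABCDEF\n";
    printf("%d %s\n", (int)classify_gpg_status(s, id, sizeof(id)), id);
    return 0;
}
```

A caller holding `SIG_MISSING_KEY` and the key id can print which key is missing, which is the information the regression discussed in this thread dropped.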
