From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: AS53758 23.128.96.0/24 X-Spam-Status: No, score=-4.0 required=3.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,SPF_HELO_PASS,SPF_PASS shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by dcvr.yhbt.net (Postfix) with ESMTP id 45FA41F670 for ; Tue, 12 Oct 2021 17:36:20 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231886AbhJLRiT (ORCPT ); Tue, 12 Oct 2021 13:38:19 -0400 Received: from pb-smtp21.pobox.com ([173.228.157.53]:57072 "EHLO pb-smtp21.pobox.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230394AbhJLRiT (ORCPT ); Tue, 12 Oct 2021 13:38:19 -0400 Received: from pb-smtp21.pobox.com (unknown [127.0.0.1]) by pb-smtp21.pobox.com (Postfix) with ESMTP id 2C647163FF1; Tue, 12 Oct 2021 13:36:17 -0400 (EDT) (envelope-from junio@pobox.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=pobox.com; h=from:to:cc :subject:references:date:in-reply-to:message-id:mime-version :content-type; s=sasl; bh=7Kv8Ihh76Yid8Tfix3KJkDt1XVso69rLRo+1WS bbTPo=; b=frhrZ4AgMJwPcJ8YCRRnXMrAmS1BK65QTaCf5JDe+CqgAyB9Uw17lm biePYCCwdp4ThM+pGJrp1vFleCwgJXcU0j9RsuAjv54uaGM7pbbVZyGBm0NjcLB/ OsgEADppDNPlFq/8n2yZnC+lKoiXAPXX+05SbgItWKBxJR6AzNZdA= Received: from pb-smtp21.sea.icgroup.com (unknown [127.0.0.1]) by pb-smtp21.pobox.com (Postfix) with ESMTP id 256A3163FF0; Tue, 12 Oct 2021 13:36:17 -0400 (EDT) (envelope-from junio@pobox.com) Received: from pobox.com (unknown [104.133.2.91]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pb-smtp21.pobox.com (Postfix) with ESMTPSA id B1116163FEF; Tue, 12 Oct 2021 13:36:14 -0400 (EDT) (envelope-from junio@pobox.com) From: Junio C Hamano To: Fabian Stelzer Cc: git@vger.kernel.org Subject: Re: [PATCH 2/2] fixup! ssh signing: verify signatures using ssh-keygen References: <20211012092236.619822-1-fs@gigacodes.de> <20211012092236.619822-3-fs@gigacodes.de> Date: Tue, 12 Oct 2021 10:36:13 -0700 In-Reply-To: <20211012092236.619822-3-fs@gigacodes.de> (Fabian Stelzer's message of "Tue, 12 Oct 2021 11:22:36 +0200") Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Pobox-Relay-ID: E612EEC2-2B82-11EC-8EFF-98D80D944F46-77302942!pb-smtp21.pobox.com Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org Fabian Stelzer writes: > This behaviour changed during patch review and documentation no longer > matched it. > --- Thanks, you'd need to sign-off, to make this a standalone bugfix patch. > Documentation/config/gpg.txt | 4 +--- > 1 file changed, 1 insertion(+), 3 deletions(-) > > diff --git a/Documentation/config/gpg.txt b/Documentation/config/gpg.txt > index 51a756b2f1..4f30c7dbdd 100644 > --- a/Documentation/config/gpg.txt > +++ b/Documentation/config/gpg.txt > @@ -52,9 +52,7 @@ gpg.ssh.allowedSignersFile:: > SSH has no concept of trust levels like gpg does. To be able to differentiate > between valid signatures and trusted signatures the trust level of a signature > verification is set to `fully` when the public key is present in the allowedSignersFile. > -Therefore to only mark fully trusted keys as verified set gpg.minTrustLevel to `fully`. > -Otherwise valid but untrusted signatures will still verify but show no principal > -name of the signer. > +Otherwise the trust level is `undefined` and git verify-commit/tag will fail. > + > This file can be set to a location outside of the repository and every developer > maintains their own trust store. A central repository server could generate this