Documentation: clarify signature verification
authorKeller Fuchs <kellerfuchs@hashbang.sh>
Fri, 13 May 2016 09:51:01 +0000 (09:51 +0000)
committerJunio C Hamano <gitster@pobox.com>
Fri, 13 May 2016 19:37:44 +0000 (12:37 -0700)
Clarify that "merge --verify-signatures" checks the signature on the
tip commit of the history being merged.

Uniformise the vocabulary used wrt. key/signature validity with OpenPGP:
- a signature is valid if made by a key with a valid uid;
- in the default trust-model, a uid is valid if signed by a trusted key;
- a key is trusted if the (local) user set a trust level for it.

Helped-by: Junio C Hamano <gitster@pobox.com>
Signed-off-by: Keller Fuchs <KellerFuchs@hashbang.sh>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Documentation/merge-options.txt
Documentation/pretty-formats.txt
index f08e9b80c562faa1de2408cd4cfdb7253d3be1f2..30808a01e7657164618c18182704768e2df0d37e 100644 (file)
@@ -89,8 +89,11 @@ option can be used to override --squash.
 
 --verify-signatures::
 --no-verify-signatures::
-       Verify that the commits being merged have good and trusted GPG signatures
-       and abort the merge in case they do not.
+       Verify that the tip commit of the side branch being merged is
+       signed with a valid key, i.e. a key that has a valid uid: in the
+       default trust model, this means the signing key has been signed by
+       a trusted key.  If the tip commit of the side branch is not signed
+       with a valid key, the merge is aborted.
 
 --summary::
 --no-summary::
index 671cebd95c36f2dc6e17fb599219e305a567bc55..29b19b992f2e652d6fc9258cbd64cad51f86c2ef 100644 (file)
@@ -143,8 +143,8 @@ ifndef::git-rev-list[]
 - '%N': commit notes
 endif::git-rev-list[]
 - '%GG': raw verification message from GPG for a signed commit
-- '%G?': show "G" for a Good signature, "B" for a Bad signature, "U" for a good,
-  untrusted signature and "N" for no signature
+- '%G?': show "G" for a good (valid) signature, "B" for a bad signature,
+  "U" for a good signature with unknown validity and "N" for no signature
 - '%GS': show the name of the signer for a signed commit
 - '%GK': show the key used to sign a signed commit
 - '%gD': reflog selector, e.g., `refs/stash@{1}`