development/git
development/git
1
0
Fork 0
mirror of https://github.com/git/git synced 2024-09-17 23:41:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

ssh signing: clarify trustlevel usage in docs

Browse source 
facca53ac added verification for ssh signatures but incorrectly
described the usage of gpg.minTrustLevel. While the verifications
trustlevel is stil set to fully or undefined depending on if the key is
known or not it has no effect on the verification result. Unknown keys
will always fail verification. This commit updates the docs to match
this behaviour.

Signed-off-by: Fabian Stelzer <fs@gigacodes.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
Fabian Stelzer 2021-10-13 09:51:07 +02:00 committed by Junio C Hamano
parent 9d12546de9
commit 9fb391bff9
1 changed files with 1 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
Documentation/config/gpg.txt
View file

@ -52,9 +52,7 @@ gpg.ssh.allowedSignersFile::
SSH has no concept of trust levels like gpg does. To be able to differentiate
between valid signatures and trusted signatures the trust level of a signature
verification is set to `fully` when the public key is present in the allowedSignersFile.
Therefore to only mark fully trusted keys as verified set gpg.minTrustLevel to `fully`.
Otherwise valid but untrusted signatures will still verify but show no principal
name of the signer.
Otherwise the trust level is `undefined` and git verify-commit/tag will fail.
+
This file can be set to a location outside of the repository and every developer
maintains their own trust store. A central repository server could generate this