On Sun, Oct 30, 2011 at 3:05 AM, James Bottomley
> You can fix this by using mime and detached signatures as well but I
> wouldn't worry too much about it. What emerged at KS is that Linus uses
> gmail and gmail has no integration with pgp, thus pgp signing of pull
> requests is superfluous since Linus won't add the steps of saving the
> message to a text file and manually running pgp over it to verify
> because of the huge elongation in workflow this causes especially during
> a merge window.
Actually, I have been running "gpg --verify" on the email that use the
standard PGP encapsulation (ie the kind that Jeff used, that has
"-----BEGIN PGP SIGNED MESSAGE-----" in it.
It's the rfc3516-type email (aka protocol="application/pgp-encrypted")
type that I can't even verify, because that's not something that gpg
knows inherently how to check: you have to decode the message the
right way and know what the rules are, and I have no intention of
trying to figure it out. I have yet to find any usable tool that is
able to check it, and I'm certainly not going to waste time trying to
parse the rfc and write my own.
That said, even the "BEGIN PGP SIGNED MESSAGE" things are a massive
pain in the butt. We need to automate this some sane way, both for the
sender and for the recipient.
To unsubscribe from this list: send the line "unsubscribe linux-ide" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html