"Robert Morgan via GitGitGadget" <[email protected]> writes:
> diff --git a/Documentation/config/gpg.txt b/Documentation/config/gpg.txt
> index f999f8ea49..cce2c89245 100644
> --- a/Documentation/config/gpg.txt
> +++ b/Documentation/config/gpg.txt
> @@ -2,7 +2,7 @@ gpg.program::
> Use this custom program instead of "`gpg`" found on `$PATH` when
> making or verifying a PGP signature. The program must support the
> same command-line interface as GPG, namely, to verify a detached
> - signature, "`gpg --verify $file - <$signature`" is run, and the
> + signature, "`gpg --verify $signature - <$file`" is run, and the
> program is expected to signal a good signature by exiting with
> code 0, and to generate an ASCII-armored detached signature, the
> standard input of "`gpg -bsau $key`" is fed with the contents to be
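
Review bot: the corrected line "`gpg --verify $signature - <$file`" still omits the `--status-fd=1` option that the actual invocation passes (gpg --status-fd=1 --verify $the_temporary_file, per the reply below), so a replacement gpg.program written against this text alone would not know it has to accept that option. Consider mentioning it in the same sentence. As a smaller style point, `$file` could be named something like `$payload`, since the signed content reaches the program on standard input while only the signature is a named file.
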
Wow. Good find.

gpg-interface.c::verify_signed_buffer() takes a detached signature
in core, writes it to a temporary file and runs

    gpg --status-fd=1 --verify $the_temporary_file

and the payload that is supposed to match the given signature is fed
via the standard input, so the above documentation is the only thing
that needs fixing, which is good ;-)

Thanks.