Re: [PATCH v4 3/5] merge/pull: verify GPG signatures of commits being merged

Sebastian Götte writes: > When --verify-signatures is specified on the command-line of git-merge > or git-pull, check whether the commits being merged have good gpg > signatures and abort the merge in case they do not. This allows e.g. > auto-deployment from untrusted repo hosts. > > Signed-off-b

[PATCH v4 3/5] merge/pull: verify GPG signatures of commits being merged

When --verify-signatures is specified on the command-line of git-merge or git-pull, check whether the commits being merged have good gpg signatures and abort the merge in case they do not. This allows e.g. auto-deployment from untrusted repo hosts. Signed-off-by: Sebastian Götte --- Documentatio