Skip to content

Commit 279906d

Browse files
committed
Don't include PGP signatures of commits in messages
When creating a pull request or using a commit message in any way, if the commit was PGP-signed and the user had git configured to always show signatures (`git config log.showsignature=true`), then the message would include the signature verification text, which is not really something you usually want to include. Now `--no-show-signature` is always used when retrieving commit messages.
1 parent ad7b41d commit 279906d

File tree

2 files changed

+13
-2
lines changed

2 files changed

+13
-2
lines changed

git-hub

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1447,7 +1447,8 @@ class PullUtil (IssueUtil):
14471447
'branch.%s.description' % branch_name, '', '')
14481448
if msg:
14491449
return msg
1450-
return git('log -1 --pretty=format:%s%n%n%b ' + branch_ref)
1450+
return git('log -1 --no-show-signature --pretty=format:%s%n%n%b '
1451+
+ branch_ref)
14511452

14521453
@classmethod
14531454
def get_local_remote_heads(cls, parser, args):
@@ -1967,7 +1968,8 @@ class RebaseCmd (PullUtil):
19671968
head_hash = git('rev-parse FETCH_HEAD')
19681969
cls.git_fetch(base_url, base_ref)
19691970
base_hash = git('rev-parse FETCH_HEAD')
1970-
parents = git('show --quiet --format=%P ' + head_hash).split()
1971+
parents = git('show --quiet --no-show-signature --format=%P '
1972+
+ head_hash).split()
19711973
is_merge = len(parents) > 1
19721974
# Last commit is a merge commit, so ask the user to merge instead
19731975
if is_merge:

relnotes/pgp-signatures.bug.md

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,9 @@
1+
### PGP signatures of commits are not included in messages anymore
2+
3+
When creating a pull request or using a commit message in any way, if the
4+
commit was PGP-signed and the user had git configured to always show signatures
5+
(`git config log.showsignature=true`), then the message would include the
6+
signature verification text, which is not really something you usually want to
7+
include.
8+
9+
Now `--no-show-signature` is always used when retrieving commit messages.

0 commit comments

Comments
 (0)