From c57e501c51d6b76ce30658b94ee4a5dc6ac27f3e Mon Sep 17 00:00:00 2001 From: Alexander Hirsch <1zeeky@gmail.com> Date: Fri, 20 May 2016 23:00:54 +0200 Subject: pull: warn on --verify-signatures with --rebase git-pull silently ignores the --verify-signatures option when running --rebase, potentially leaving users in the belief that the rebase operation would check for valid GPG signatures. Implementing --verify-signatures for git-rebase was talked about, but doubts for a valid workflow rose up. Since you usually merge other's branches into your branch you might have an interest that their side has a valid GPG signature. Rebasing, on the other hand, is to rebuild your branch on top of other's work, in order to push the result back, and it is too late to reject their work even if you find their commits lack acceptable signature. Let's warn users that the --verify-signatures option is ignored during "pull --rebase"; users do not wonder what would happen if their commits lack acceptable signature that way. Signed-off-by: Alexander Hirsch <1zeeky@gmail.com> Signed-off-by: Junio C Hamano --- builtin/pull.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'builtin/pull.c') diff --git a/builtin/pull.c b/builtin/pull.c index 1d7333c8a1..897a7f4e4e 100644 --- a/builtin/pull.c +++ b/builtin/pull.c @@ -815,6 +815,9 @@ static int run_rebase(const unsigned char *curr_head, argv_array_push(&args, "--no-autostash"); else if (opt_autostash == 1) argv_array_push(&args, "--autostash"); + if (opt_verify_signatures && + !strcmp(opt_verify_signatures, "--verify-signatures")) + warning(_("ignoring --verify-signatures for rebase")); argv_array_push(&args, "--onto"); argv_array_push(&args, sha1_to_hex(merge_head)); -- cgit v1.2.1