{
  "commit": "72b006f4bfd30b7c5037c163efaf279ab65bea9c",
  "tree": "50fdf5a566469f65c1b496efaaee77961775322e",
  "parents": [
    "67a6ea63008bcee32a239934ad29eb5c5a554509"
  ],
  "author": {
    "name": "Hans Jerry Illikainen",
    "email": "hji@dyntopia.com",
    "time": "Wed Nov 27 17:48:21 2019 +0000"
  },
  "committer": {
    "name": "Junio C Hamano",
    "email": "gitster@pobox.com",
    "time": "Sat Nov 30 13:52:35 2019 -0800"
  },
  "message": "gpg-interface: prefer check_signature() for GPG verification\n\nThis commit refactors the use of verify_signed_buffer() outside of\ngpg-interface.c to use check_signature() instead.  It also turns\nverify_signed_buffer() into a file-local function since it\u0027s now only\ninvoked internally by check_signature().\n\nThere were previously two globally scoped functions used in different\nparts of Git to perform GPG signature verification:\nverify_signed_buffer() and check_signature().  Now only\ncheck_signature() is used.\n\nThe verify_signed_buffer() function doesn\u0027t guard against duplicate\nsignatures as described by Michał Górny [1].  Instead it only ensures a\nnon-erroneous exit code from GPG and the presence of at least one\nGOODSIG status field.  This stands in contrast with check_signature()\nthat returns an error if more than one signature is encountered.\n\nThe lower degree of verification makes the use of verify_signed_buffer()\nproblematic if callers don\u0027t parse and validate the various parts of the\nGPG status message themselves.  And processing these messages seems like\na task that should be reserved to gpg-interface.c with the function\ncheck_signature().\n\nFurthermore, the use of verify_signed_buffer() makes it difficult to\nintroduce new functionality that relies on the content of the GPG status\nlines.\n\nNow all operations that do signature verification share a single entry\npoint to gpg-interface.c.  This makes it easier to propagate changed or\nadditional functionality in GPG signature verification to all parts of\nGit, without having odd edge-cases that don\u0027t perform the same degree of\nverification.\n\n[1] https://dev.gentoo.org/~mgorny/articles/attack-on-git-signature-verification.html\n\nSigned-off-by: Hans Jerry Illikainen \u003chji@dyntopia.com\u003e\nSigned-off-by: Junio C Hamano \u003cgitster@pobox.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "a4615587fd7929e8fb49e65dbda30a40b8599cfd",
      "old_mode": 33188,
      "old_path": "builtin/fmt-merge-msg.c",
      "new_id": "f7ed102d8b37294f992c3edf25156ce4f3e20c69",
      "new_mode": 33188,
      "new_path": "builtin/fmt-merge-msg.c"
    },
    {
      "type": "modify",
      "old_id": "131e7d529e9bdb480c88a01a33a3dd8339d219cd",
      "old_mode": 33188,
      "old_path": "gpg-interface.c",
      "new_id": "5134ce27806866c41d5eda19cf01110cbf7849f2",
      "new_mode": 33188,
      "new_path": "gpg-interface.c"
    },
    {
      "type": "modify",
      "old_id": "3e624ec289ab5f46b686f9eb2489c997bca23232",
      "old_mode": 33188,
      "old_path": "gpg-interface.h",
      "new_id": "93cc3aff5c93ce8fa19aadea909960f9267edbdc",
      "new_mode": 33188,
      "new_path": "gpg-interface.h"
    },
    {
      "type": "modify",
      "old_id": "1e56df62a79c0d221fa55ba351b6b16f8027d12b",
      "old_mode": 33188,
      "old_path": "log-tree.c",
      "new_id": "aa6b038adb1f2bf58ceba1e4a367a7e3bb6553e0",
      "new_mode": 33188,
      "new_path": "log-tree.c"
    }
  ]
}
