)]}'
{
  "commit": "b624a3e67f498cb41f704c9bd28e7d53076611c8",
  "tree": "6b865e076510fcf5c2d55b7855040bfa47997a33",
  "parents": [
    "0b65a8dbdb38962e700ee16776a3042beb489060"
  ],
  "author": {
    "name": "Linus Torvalds",
    "email": "torvalds@linux-foundation.org",
    "time": "Tue Aug 16 13:10:24 2016 -0700"
  },
  "committer": {
    "name": "Junio C Hamano",
    "email": "gitster@pobox.com",
    "time": "Tue Aug 16 15:02:22 2016 -0700"
  },
  "message": "gpg-interface: prefer \"long\" key format output when verifying pgp signatures\n\nYes, gpg2 already uses the long format by default, but most\ndistributions seem to still have \"gpg\" be the older 1.x version due to\ncompatibility reasons.  And older versions of gpg only show the 32-bit\nshort ID, which is quite insecure.\n\nThis doesn\u0027t actually matter for the _verification_ itself: if the\nverification passes, the pgp signature is good.  But if you don\u0027t\nactually have the key yet, and want to fetch it, or you want to check\nexactly which key was used for verification and want to check it, we\nshould specify the key with more precision.\n\nIn fact, we should preferentially specify the whole key fingerprint, but\ngpg doesn\u0027t actually support that.  Which is really quite sad.\n\nShowing the \"long\" format improves things to at least show 64 bits of\nthe fingerprint.  That\u0027s a lot better, even if it\u0027s not perfect.\n\nThis change the log format for \"git log --show-signature\" from\n\n    commit 2376d31787760af598db23bb3982a57419854e5c\n    merged tag \u0027v2.9.3\u0027\n    gpg: Signature made Fri 12 Aug 2016 09:17:59 AM PDT using RSA key ID 96AFE6CB\n    gpg: Good signature from \"Junio C Hamano \u003cgitster@pobox.com\u003e\"\n    gpg:                 aka \"Junio C Hamano \u003cjch@google.com\u003e\"\n    gpg:                 aka \"Junio C Hamano \u003cjunio@pobox.com\u003e\"\n    Merge: 2807cd7b25af e0c1ceafc5be\n    Author: Junio C Hamano \u003cgitster@pobox.com\u003e\n    Date:   Fri Aug 12 10:02:18 2016 -0700\n\nto\n\n    commit 2376d31787760af598db23bb3982a57419854e5c\n    merged tag \u0027v2.9.3\u0027\n    gpg: Signature made Fri 12 Aug 2016 09:17:59 AM PDT\n    gpg:                using RSA key B0B5E88696AFE6CB\n    gpg: Good signature from \"Junio C Hamano \u003cgitster@pobox.com\u003e\"\n    gpg:                 aka \"Junio C Hamano \u003cjch@google.com\u003e\"\n    gpg:                 aka \"Junio C Hamano \u003cjunio@pobox.com\u003e\"\n    Merge: 2807cd7b25af e0c1ceafc5be\n    Author: Junio C Hamano \u003cgitster@pobox.com\u003e\n    Date:   Fri Aug 12 10:02:18 2016 -0700\n\n(note the longer key ID, but also the reflowing of the text) and also\nchanges the format in the merge messages when merging a signed\ntag.\n\nIf you already use gpg2 (either because it\u0027s installed by default, or\nbecause you have set your gpg_program configuration to point to gpg2),\nthat already used the long format, you\u0027ll also see a change: it will now\nhave the same formatting as gpg 1.x, and the verification string looks\nsomething like\n\n    gpg: Signature made Sun 24 Jul 2016 12:24:02 PM PDT\n    gpg:                using RSA key 79BE3E4300411886\n    gpg: Good signature from \"Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\" [ultimate]\n\nwhere it used to be on one line:\n\n    gpg: Signature made Sun 24 Jul 2016 12:24:02 PM PDT using RSA key ID 79BE3E4300411886\n    gpg: Good signature from \"Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\" [ultimate]\n\nso there is certainly a chance this could break some automated scripting.\nBut the 32-bit key ID\u0027s really are broken. Also note that because of the\ndifferences between gpg-1.x and gpg-2.x, hopefully any scripted key ID\nparsing code (if such code exists) is already flexible enough to not care.\n\nThis was triggered by the fact that the \"evil32\" project keys ended up\nleaking to the public key servers, so now there are 32-bit aliases for\njust about every open source developer that you can easily get by\nmistake if you use the 32-bit short ID format.\n\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\nSigned-off-by: Junio C Hamano \u003cgitster@pobox.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "3dc2fe397e32d79713780596f0ef4666c14b5955",
      "old_mode": 33188,
      "old_path": "gpg-interface.c",
      "new_id": "f6d9d872709b4c883b8d6ba0c8ca067f98f20195",
      "new_mode": 33188,
      "new_path": "gpg-interface.c"
    }
  ]
}