Community
Participate
Working Groups
Steps to reproduce: 1. Ensure that there are no GPG keys in pubring.kbx 2. Generate a GPG key in pubring.kbx using the email address example@example.com and the name Example 3. Use CommitCommand to create a commit final CommitCommand commit = git.commit(); commit.setAuthor("Example", "e"); commit.setCommitter("Example", "e"); commit.setMessage("Signing should fail"); commit.setCredentialsProvider(new CustomCredentialsProvider()); commit.setSign(true); commit.call(); Expected behaviour: * An exception is thrown to indicate that there are no user id's found. Actual behaviour: * Commit is signed by example@example.com Cause: The method findPublicKeyByUserId in the class BouncyCastleGpgKeyLocator will return the first key where the commit author email address is contained in the userId for the keyblob. This means that the following commit authors would match "Example <example@example.com>": * "@" * "e@e" * "" * " " * "<" etc. Of these I believe that empty string and space are the most confusing. The effect on EGit is that if someone has set their committer without an email address they will sign their commits with the first available key even if the key has an email address. I can create a patch / pull request if it would be useful.
If you can push a correction to Gerrit that would certainly be useful.
New Gerrit change created: https://git.eclipse.org/r/151454
Gerrit change https://git.eclipse.org/r/151454 was merged to [master]. Commit: http://git.eclipse.org/c/jgit/jgit.git/commit/?id=6a39da37fefd036929df9e63bf42875abd028b1f