[pull] gh-pages from git:gh-pages

RelNotes/2.51.0.adoc

@@ -47,6 +47,12 @@ UI, Workflows & Features
    service names (like smtp) in addition to the numeric port numbers
    (like 25).
 
+ * Lift the limitation to use changed-path filter in "git log" so that
+   it can be used for a pathspec with multiple literal paths.
+
+ * Clean up the way how signature on commit objects are exported to
+   and imported from fast-import stream.
+
 
 Performance, Internal Implementation, Development Support etc.
 --------------------------------------------------------------
@@ -91,6 +97,12 @@ Performance, Internal Implementation, Development Support etc.
  * Flipping the default hash function to SHA-256 at Git 3.0 boundary
    is planned.
 
+ * Declare weather-balloon we raised for "bool" type 18 months ago a
+   success and officially allow using the type in our codebase.
+
+ * GIT_TEST_INSTALLED was not honored in the recent topic related to
+   SHA256 hashes, which has been corrected.
+
 
 Fixes since v2.50
 -----------------
@@ -195,6 +207,24 @@ including security updates, are included in this release.
    expansion.
    (merge 7d275cd5c0 jb/gpg-program-variable-is-a-pathname later to maint).
 
+ * Our <sane-ctype.h> header file relied on that the system-supplied
+   <ctype.h> header is not later included, which would override our
+   macro definitions, but "amazon linux" broke this assumption.  Fix
+   this by preemptively including <ctype.h> near the beginning of
+   <sane-ctype.h> ourselves.
+   (merge 9d3b33125f ps/sane-ctype-workaround later to maint).
+
+ * Clean-up compat/bswap.h mess.
+   (merge f4ac32c03a ss/compat-bswap-revamp later to maint).
+
+ * Meson-based build did not handle libexecdir setting correctly,
+   which has been corrected.
+   (merge 056dbe8612 rj/meson-libexecdir-fix later to maint).
+
+ * Document that we do not require "real" name when signing your
+   patches off.
+   (merge 1f0fed312a bc/contribution-under-non-real-names later to maint).
+
  * Other code cleanup, docfix, build fix, etc.
    (merge b257adb571 lo/my-first-ow-doc-update later to maint).
    (merge 8b34b6a220 ly/sequencer-update-squash-is-fixup-only later to maint).
@@ -220,3 +250,4 @@ including security updates, are included in this release.
    (merge ad7780b38f ps/doc-pack-refs-auto-with-files-backend-fix later to maint).
    (merge f4fa8a3687 rh/doc-glob-pathspec-fix later to maint).
    (merge b27be108c8 ja/doc-git-log-markup later to maint).
+   (merge 14d7583beb pw/config-kvi-remove-path later to maint).

SubmittingPatches.adoc

@@ -408,8 +408,15 @@ your patch differs from project to project, so it may be different
 from that of the project you are accustomed to.
 
 [[real-name]]
-Also notice that a real name is used in the `Signed-off-by` trailer. Please
-don't hide your real name.
+Please use a known identity in the `Signed-off-by` trailer, since we cannot
+accept anonymous contributions. It is common, but not required, to use some form
+of your real name. We realize that some contributors are not comfortable doing
+so or prefer to contribute under a pseudonym or preferred name and we can accept
+your patch either way, as long as the name and email you use are distinctive,
+identifying, and not misleading.
+
+The goal of this policy is to allow us to have sufficient information to contact
+you if questions arise about your contribution.
 
 [[commit-trailers]]
 If you like, you can put extra trailers at the end:

SubmittingPatches.html

@@ -961,8 +961,16 @@ <h3 id="sign-off">Certify your work by adding your <code>Signed-off-by</code> tr
 from that of the project you are accustomed to.</p>
 </div>
 <div id="real-name" class="paragraph">
-<p>Also notice that a real name is used in the <code>Signed-off-by</code> trailer. Please
-don&#8217;t hide your real name.</p>
+<p>Please use a known identity in the <code>Signed-off-by</code> trailer, since we cannot
+accept anonymous contributions. It is common, but not required, to use some form
+of your real name. We realize that some contributors are not comfortable doing
+so or prefer to contribute under a pseudonym or preferred name and we can accept
+your patch either way, as long as the name and email you use are distinctive,
+identifying, and not misleading.</p>
+</div>
+<div class="paragraph">
+<p>The goal of this policy is to allow us to have sufficient information to contact
+you if questions arise about your contribution.</p>
 </div>
 <div id="commit-trailers" class="paragraph">
 <p>If you like, you can put extra trailers at the end:</p>
@@ -1584,7 +1592,7 @@ <h3 id="_gnus">Gnus</h3>
 </div>
 <div id="footer">
 <div id="footer-text">
-Last updated 2025-06-16 09:27:49 -0700
+Last updated 2025-07-24 21:55:32 -0700
 </div>
 </div>
 </body>

git-fast-export.adoc

@@ -50,6 +50,23 @@ resulting tag will have an invalid signature.
 	is the same as how earlier versions of this command without
 	this option behaved.
 +
+When exported, a signature starts with:
++
+gpgsig <git-hash-algo> <signature-format>
++
+where <git-hash-algo> is the Git object hash so either "sha1" or
+"sha256", and <signature-format> is the signature type, so "openpgp",
+"x509", "ssh" or "unknown".
++
+For example, an OpenPGP signature on a SHA-1 commit starts with
+`gpgsig sha1 openpgp`, while an SSH signature on a SHA-256 commit
+starts with `gpgsig sha256 ssh`.
++
+While all the signatures of a commit are exported, an importer may
+choose to accept only some of them. For example
+linkgit:git-fast-import[1] currently stores at most one signature per
+Git hash algorithm in each commit.
++
 NOTE: This is highly experimental and the format of the data stream may
 change in the future without compatibility guarantees.
 

git-fast-export.html

@@ -506,6 +506,28 @@ <h2 id="_options">OPTIONS</h2>
 <em>--signed-tags</em>, but for commits.  Default is <em>strip</em>, which
 is the same as how earlier versions of this command without
 this option behaved.</p>
+<div class="paragraph">
+<p>When exported, a signature starts with:</p>
+</div>
+<div class="paragraph">
+<p>gpgsig &lt;git-hash-algo&gt; &lt;signature-format&gt;</p>
+</div>
+<div class="paragraph">
+<p>where &lt;git-hash-algo&gt; is the Git object hash so either "sha1" or
+"sha256", and &lt;signature-format&gt; is the signature type, so "openpgp",
+"x509", "ssh" or "unknown".</p>
+</div>
+<div class="paragraph">
+<p>For example, an OpenPGP signature on a SHA-1 commit starts with
+<code>gpgsig</code> <code>sha1</code> <code>openpgp</code>, while an SSH signature on a SHA-256 commit
+starts with <code>gpgsig</code> <code>sha256</code> <code>ssh</code>.</p>
+</div>
+<div class="paragraph">
+<p>While all the signatures of a commit are exported, an importer may
+choose to accept only some of them. For example
+<a href="git-fast-import.html">git-fast-import(1)</a> currently stores at most one signature per
+Git hash algorithm in each commit.</p>
+</div>
 <div class="admonitionblock note">
 <table>
 <tr>
@@ -823,7 +845,7 @@ <h2 id="_git">GIT</h2>
 </div>
 <div id="footer">
 <div id="footer-text">
-Last updated 2025-06-02 12:42:06 -0700
+Last updated 2025-07-24 21:55:32 -0700
 </div>
 </div>
 </body>

git-fast-import.adoc

@@ -445,7 +445,7 @@ one).
 	original-oid?
 	('author' (SP <name>)? SP LT <email> GT SP <when> LF)?
 	'committer' (SP <name>)? SP LT <email> GT SP <when> LF
-	('gpgsig' SP <alg> LF data)?
+	('gpgsig' SP <algo> SP <format> LF data)?
 	('encoding' SP <encoding> LF)?
 	data
 	('from' SP <commit-ish> LF)?
@@ -518,13 +518,39 @@ their syntax.
 ^^^^^^^^
 
 The optional `gpgsig` command is used to include a PGP/GPG signature
-that signs the commit data.
+or other cryptographic signature that signs the commit data.
 
-Here <alg> specifies which hashing algorithm is used for this
-signature, either `sha1` or `sha256`.
+....
+	'gpgsig' SP <git-hash-algo> SP <signature-format> LF data
+....
+
+The `gpgsig` command takes two arguments:
+
+* `<git-hash-algo>` specifies which Git object format this signature
+  applies to, either `sha1` or `sha256`. This allows to know which
+  representation of the commit was signed (the SHA-1 or the SHA-256
+  version) which helps with both signature verification and
+  interoperability between repos with different hash functions.
+
+* `<signature-format>` specifies the type of signature, such as
+  `openpgp`, `x509`, `ssh`, or `unknown`. This is a convenience for
+  tools that process the stream, so they don't have to parse the ASCII
+  armor to identify the signature type.
+
+A commit may have at most one signature for the SHA-1 object format
+(stored in the "gpgsig" header) and one for the SHA-256 object format
+(stored in the "gpgsig-sha256" header).
+
+See below for a detailed description of the `data` command which
+contains the raw signature data.
+
+Signatures are not yet checked in the current implementation
+though. (Already setting the `extensions.compatObjectFormat`
+configuration option might help with verifying both SHA-1 and SHA-256
+object format signatures when it will be implemented.)
 
-NOTE: This is highly experimental and the format of the data stream may
-change in the future without compatibility guarantees.
+NOTE: This is highly experimental and the format of the `gpgsig`
+command may change in the future without compatibility guarantees.
 
 `encoding`
 ^^^^^^^^^^

git-fast-import.html

@@ -998,7 +998,7 @@ <h3 id="_commit"><code>commit</code></h3>
         original-oid?
         ('author' (SP &lt;name&gt;)? SP LT &lt;email&gt; GT SP &lt;when&gt; LF)?
         'committer' (SP &lt;name&gt;)? SP LT &lt;email&gt; GT SP &lt;when&gt; LF
-        ('gpgsig' SP &lt;alg&gt; LF data)?
+        ('gpgsig' SP &lt;algo&gt; SP &lt;format&gt; LF data)?
         ('encoding' SP &lt;encoding&gt; LF)?
         data
         ('from' SP &lt;commit-ish&gt; LF)?
@@ -1082,11 +1082,47 @@ <h4 id="_committer"><code>committer</code></h4>
 <h4 id="_gpgsig"><code>gpgsig</code></h4>
 <div class="paragraph">
 <p>The optional <code>gpgsig</code> command is used to include a PGP/GPG signature
-that signs the commit data.</p>
+or other cryptographic signature that signs the commit data.</p>
+</div>
+<div class="literalblock">
+<div class="content">
+<pre>        'gpgsig' SP &lt;git-hash-algo&gt; SP &lt;signature-format&gt; LF data</pre>
+</div>
+</div>
+<div class="paragraph">
+<p>The <code>gpgsig</code> command takes two arguments:</p>
+</div>
+<div class="ulist">
+<ul>
+<li>
+<p><em>&lt;git-hash-algo&gt;</em> specifies which Git object format this signature
+applies to, either <code>sha1</code> or <code>sha256</code>. This allows to know which
+representation of the commit was signed (the SHA-1 or the SHA-256
+version) which helps with both signature verification and
+interoperability between repos with different hash functions.</p>
+</li>
+<li>
+<p><em>&lt;signature-format&gt;</em> specifies the type of signature, such as
+<code>openpgp</code>, <code>x509</code>, <code>ssh</code>, or <code>unknown</code>. This is a convenience for
+tools that process the stream, so they don&#8217;t have to parse the ASCII
+armor to identify the signature type.</p>
+</li>
+</ul>
+</div>
+<div class="paragraph">
+<p>A commit may have at most one signature for the SHA-1 object format
+(stored in the "gpgsig" header) and one for the SHA-256 object format
+(stored in the "gpgsig-sha256" header).</p>
+</div>
+<div class="paragraph">
+<p>See below for a detailed description of the <code>data</code> command which
+contains the raw signature data.</p>
 </div>
 <div class="paragraph">
-<p>Here &lt;alg&gt; specifies which hashing algorithm is used for this
-signature, either <code>sha1</code> or <code>sha256</code>.</p>
+<p>Signatures are not yet checked in the current implementation
+though. (Already setting the <code>extensions.compatObjectFormat</code>
+configuration option might help with verifying both SHA-1 and SHA-256
+object format signatures when it will be implemented.)</p>
 </div>
 <div class="admonitionblock note">
 <table>
@@ -1095,8 +1131,8 @@ <h4 id="_gpgsig"><code>gpgsig</code></h4>
 <div class="title">Note</div>
 </td>
 <td class="content">
-This is highly experimental and the format of the data stream may
-change in the future without compatibility guarantees.
+This is highly experimental and the format of the <code>gpgsig</code>
+command may change in the future without compatibility guarantees.
 </td>
 </tr>
 </table>
@@ -2572,7 +2608,7 @@ <h2 id="_git">GIT</h2>
 </div>
 <div id="footer">
 <div id="footer-text">
-Last updated 2025-06-02 12:42:06 -0700
+Last updated 2025-07-24 21:55:32 -0700
 </div>
 </div>
 </body>