Fix disambiguation example commands for short hash URI version. Since the existing check could suceed with a short hash resolving to any type of object (e.g. a blob or tree in a commit). So, ensure that the full hash names a commit object.
Indicate some site config values which should not contain newlines. This backwards-compatible change clarifies what to do in situations where a newline in the value may be acceptable in theory (e.g. within values which may map to a file name or path components), but so infrequent (or even possibly malicious) that implementations may choose not to support them at all.
When to discard selected but illegal configuration values. The reason for this clarification (and the previous one) is to convey that there may be two steps to configuration value checking: a general one regarding sizes and arity, and another one specific to the value when it is to be used.
What to do with selected but illegal configuration values.
Rearrange passage on configuration value arity, for readabiity.
Note that `remote` and `alt` config values must not be empty.
What to do when multiple config value is assigned too many times.
Taking last occurrence of single conf value is normal Git behavior. Note it in a comment.
Add support for URI-embedded locations. This is a somewhat breaking change since clients must remove such locations from URIs before continuing processing. However, the probability of finding such a fragment in the wild should be very small. Close the associated issue `support-uri-embedded-remote`.
Use "verify" for PGP signatures, "check" otherwise.
Add issue on supporting URI-embedded remote. From a discussion with Matograine on the gwit-spec mailing list.
Fix reference to site update steps in alt check for site keys.
Require that `self.key` contains a single primary PGP key. Besides preventing cluttering the client's keyring with extraneous PGP keys, this requirement reduces the chances of malicious clones tricking clients without much security hardening into adding extraneous keys that may then be used to create invalid signatures that may pass some weak verifications. The check for a single PGP key has also been added as an extra step in the site update procedure, to avoid merging changes into other keys.
Use `0x` prefix for signing key in alt commit verification commands. For greater safety when choosing the key to be listed by `gpg`.
Ensure that all `gpg` example commands set a GnuPG home directory. Not very important for read-only commands, but it prevents the side-effect of `gpg` creating `~/.gnupg` if it does not exist.
Clarify how relative links resolve in the context of versioned URIs. From a discussion with tom.ngr@zaclys.net in the gwit-spec list.
Add example commands for handling malicious references.
Fix typo in security considerations section.
Set `GNUPGHOME` environment variable when Git verifies signatures. To ensure that it accesses the client's GnuPG keyring. Give it the `<CLIENT-GPG-DIR>` pseudo-variable value used elsewhere.
Use less confusing example for gwit site branch name. Which is now clearly the end of the `0xfed...ef76543210` example ID used elsewhere, instead of the end of the other ID `0x012...effedcba98`, which happened to end like the beginning of the first one, hence the possible confusion. The end of the first example ID does not clash with the beginning nor the end of the second one.