gpgsig in git can also be SSH signature instead of OpenGPG

[castedo]

specification/Chapters/5.Core_identifiers.md

Line 94 in 5c0717c

- extra headers (ordered list of byte key/value pairs): arbitrary additional metadata attached to the revision. The key must not contain the ASCII bytes for the space or LF characters; commonly used keys are a string of non-whitespace printable ASCII characters, such as `"encoding"` (where the value is interpreted as the encoding of the message field) or `"gpgsig"` (where the value is interpreted as an OpenPGP signature of the metadata of the revision).

This line reads or "gpgsig" (where the value is interpreted as an OpenPGP signature of the metadata of the revision). However, the gpgsig is a bit of a misnomer now in that the signature can be SSH or x509 signatures too. See https://git-scm.com/docs/gitformat-signature

Perhaps better to just say a "cryptographic signature" rather than "OpenPGP signature".

[zacchiro]

PR welcome!

[castedo]

OK, sounds good. I will do a PR.

@zacchiro I am torn between

a tiny teeny change: an OpenPGP signature of -> a cryptographic signature of

VS

a bigger change: an OpenPGP signature of -> an ASCII armor encoded cryptographic signature of

Any thoughts?

I am inclined to go for the bigger one.

[zacchiro]

It's an example, so I don't think it matters much which one. But for what is worth I like the first one more, because it's easier to read/understand for the intended public.

[rdicosmo]

Merged #49