On Sat, Jun 04, 2016 at 18:19:31 +0200, Werner Koch wrote:
> There are no issues with l10n because _all_ scripts SHOULD use gpg with
> the options --status-fd and --with-colons.  That output creates a well
> defined API and we try very hard never to break it.
> [...]
> I have never looked into git to check whether git correctly calls gpg
> to verify signatures.  That should eventually be done.

A quick glance (latest master, gpg-interface.c:208 verify_signed_buffer):

It invokes `gpg --status-fd=1 --verify FILE -`, where FILE is a
signature written to a temporary file for the sake of invoking
GPG.  It checks for a non-zero exit code and GOODSIG:

  ret |= !strstr(pbuf->buf, "\n[GNUPG:] GOODSIG ");

-- 
Mike Gerwitz
Free Software Hacker+Activist | GNU Maintainer & Volunteer
https://mikegerwitz.com
FSF Member #5804 | GPG Key ID: 0x8EE30EAB