[Pkg-gnupg-maint] Bug#494040: gpgv: Unintelligible (behaviour and) error messages.
Werner Koch
wk at gnupg.org
Thu Aug 7 11:29:14 UTC 2008
On Thu, 7 Aug 2008 09:32, kibi at debian.org said:
> I don't understand why, when the point is about verifying signatures (as
> stated in the whatis entry). Why does it have to assume they are
> trustworthy and then to use its very own keyring? I'd assume as a first
You need to know whether the key is really the key of the person or
entity stated in the user ID of the key. gpg uses a couple of
alternative mechanisms for this, the default is the Web of Trust.
On request by Debian I once implemented gpgv to have a simple and
straightforward mechsnism, only usable for verifying signatures. gpgv
works on a set of keys which have been compiled from another database of
trusted users and are all seen as valid, i.e. belonging to the person
claimed in the UID.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.
More information about the Pkg-gnupg-maint
mailing list