[Pkg-gnupg-maint] Bug#494040: gpgv: Unintelligible (behaviour and) error messages.
Cyril Brulebois
kibi at debian.org
Thu Aug 7 07:32:42 UTC 2008
Werner Koch <wk at gnupg.org> (07/08/2008):
> Do you mean the error message which probably should be "file not
> found"?
Indeed. A missing file doesn't really qualify as a “general error” to
me.
> The man page says:
>
> gpgv assumes that all keys in the keyring are trustworthy. By
> default it uses a keyring named trustedkeys.gpg which is assumed to
> be in the home directory as defined by GnuPG or set by an option or
> an environment variable. An option may be used to specify another
> keyring or even multiple keyrings.
>
> To state it more clearly: gpv does not know about secring.gpg or
> pubring.gpg, it uses its every own name for the keyring because it
> assumes that all tehse keys are trusted (like the debian keyring).
I don't understand why, when the point is about verifying signatures (as
stated in the whatis entry). Why does it have to assume they are
trustworthy and then to use its very own keyring? I'd assume as a first
guess that the point is about answering two questions: “is that a
correct signature?” and “which key was used?”.
Mraw,
KiBi.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20080807/490804e5/attachment-0001.pgp
More information about the Pkg-gnupg-maint
mailing list