[Pkg-gnupg-maint] Bug#494040: gpgv: Unintelligible (behaviour and) error messages.

Werner Koch wk at gnupg.org
Thu Aug 7 11:29:14 UTC 2008


On Thu,  7 Aug 2008 09:32, kibi at debian.org said:

> I don't understand why, when the point is about verifying signatures (as
> stated in the whatis entry). Why does it have to assume they are
> trustworthy and then to use its very own keyring? I'd assume as a first

You need to know whether the key is really the key of the person or
entity stated in the user ID of the key.  gpg uses a couple of
alternative mechanisms for this, the default is the Web of Trust.

On request by Debian I once implemented gpgv to have a simple and
straightforward mechsnism, only usable for verifying signatures.  gpgv
works on a set of keys which have been compiled from another database of
trusted users and are all seen as valid, i.e. belonging to the person
claimed in the UID.



Shalom-Salam,

   Werner


-- 
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.






More information about the Pkg-gnupg-maint mailing list