[Pkg-gnupg-maint] Bug#494040: gpgv: Unintelligible (behaviour and) error messages.

Werner Koch wk at gnupg.org
Thu Aug 7 11:29:14 UTC 2008

On Thu,  7 Aug 2008 09:32, kibi at debian.org said:

> I don't understand why, when the point is about verifying signatures (as
> stated in the whatis entry). Why does it have to assume they are
> trustworthy and then to use its very own keyring? I'd assume as a first

You need to know whether the key is really the key of the person or
entity stated in the user ID of the key.  gpg uses a couple of
alternative mechanisms for this; the default is the Web of Trust.

On request by Debian I once implemented gpgv to have a simple and
straightforward mechanism, only usable for verifying signatures.  gpgv
works on a set of keys which have been compiled from another database of
trusted users and are all seen as valid, i.e. belonging to the person
claimed in the UID.



Thoughts are free.  Exceptions are regulated by a federal law.
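
The keyring model described in the message above, as an added example that is not part of the original mail or of GnuPG itself: a keyring is compiled from one vetted key, and gpgv then accepts a signature from that key and rejects a valid signature from a key that was never put in the file. Key names, user IDs, file names and the signed data are constructed; GnuPG 2.1 or later is assumed.

```shell
#!/bin/sh
# Added example with constructed keys and data; needs gpg, gpgv and gpgconf.

# verify_with_keyring KEYRING SIG DATA
# gpgv checks SIG against the keys in KEYRING only: no trustdb, no Web of
# Trust. Every key in the file counts as valid, so the file is the policy.
verify_with_keyring() {
    gpgv --homedir "$(dirname "$1")" --keyring "$1" "$2" "$3" >/dev/null 2>&1
}

# make_signer HOMEDIR UID: throwaway unprotected signing key in its own homedir.
make_signer() {
    mkdir -m 700 "$1" &&
    gpg --homedir "$1" --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$2" ed25519 sign never 2>/dev/null
}

# sign_detached HOMEDIR DATA SIG
sign_detached() {
    gpg --homedir "$1" --batch --quiet --yes --output "$3" --detach-sign "$2" 2>/dev/null
}

# demo: returns 0 when the vetted key verifies and the outsider key does not.
# The keyring handed to gpgv is compiled from the vetted key only.
demo() {
    work=$(mktemp -d) || return 2
    printf 'constructed release manifest\n' > "$work/data"
    make_signer "$work/vetted" 'Vetted Signer (constructed) <vetted@example.invalid>' &&
    make_signer "$work/outsider" 'Outsider (constructed) <outsider@example.invalid>' &&
    gpg --homedir "$work/vetted" --batch --export > "$work/trustedkeys.gpg" &&
    sign_detached "$work/vetted" "$work/data" "$work/vetted.sig" &&
    sign_detached "$work/outsider" "$work/data" "$work/outsider.sig"
    setup=$?
    ok=1
    if [ "$setup" -eq 0 ] &&
       verify_with_keyring "$work/trustedkeys.gpg" "$work/vetted.sig" "$work/data" &&
       ! verify_with_keyring "$work/trustedkeys.gpg" "$work/outsider.sig" "$work/data"
    then ok=0; fi
    for h in vetted outsider; do   # stop the per-homedir agents before cleanup
        gpgconf --homedir "$work/$h" --kill gpg-agent 2>/dev/null
    done
    rm -rf "$work"
    return "$ok"
}

demo && echo "vetted key accepted, outsider key rejected"
```

The outsider signature is cryptographically valid; gpgv rejects it only because its key is absent from the compiled keyring, which is why that file has to be protected as carefully as the data it vouches for.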
