[Pkg-gnupg-maint] Bug#560695: gnupg: failes to check a signature from user 'nobody'

Daniel Leidert daniel.leidert at wgdd.de
Sat Dec 12 04:46:26 UTC 2009


Am Freitag, den 11.12.2009, 21:25 +0200 schrieb Eugene V. Lyubimkin:
> Daniel Leidert wrote:
> > Am Freitag, den 11.12.2009, 15:37 +0200 schrieb Eugene V. Lyubimkin:
> > 
> >> $ sudo -u nobody gpg --verify --no-default-keyring --keyring /var/lib/cupt/trusted.gpg /var/lib/apt/lists/ftp.fi.debian.org_debian_dists_sid_Release.gpg /var/lib/apt/lists/ftp.fi.debian.org_debian_dists_sid_Release
> > 
> > The tool gpgv is designed for exactly this action. You don't need to
> > mess around with gpg in this case.
> > 
> Hm, I remember someone (IIRC from the Debian project) once said there are/were
> some problems regarding checking expired signatures with gpgv. Is this just
> rumours?

IMO you probably heard of http://bugs.debian.org/497825. Please check
the last comments. Neither Thijs nor me were able to reproduce the issue
(with a recent gnupg version).

Regards, Daniel






More information about the Pkg-gnupg-maint mailing list