[pkg-gnupg-maint] Bug#836554: Bug#836554: Bug#836554: gnupg - file verification leaves agent running

Werner Koch wk at gnupg.org
Sun Sep 4 15:33:11 UTC 2016


On Sun,  4 Sep 2016 16:51, waldi at debian.org said:

> Well, you took over the gpg name, so you have to abide by the same
> interface, which you obviously don't do.

I disagree: We installed the gpg from GnuPG-2 under the name gpg2 to
avoid conflicts with 1.x installations.  After more than a decade it
should be okay to push a bit forward to deprecate the use of 1.x.

> The only way to verify an inline-signed message and also get the
> unescaped message is to use gpg --decrypt.  --verify does not even
> accept --output.

Frankly, I was not aware of it.  It should be possible to add this back.

> Isn't gpgv a Debian-ism?

No. gpgv was introduced 16 years ago to make simple verification cases
easier.  And indeed it was triggered by a request from Debian people.
But it is used everywhere.

I would also suggest always using detached signatures.  This is the
most reliable way of knowing what has been signed.  With the other two
formats it is possible to play interesting games.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
 /* Join us at OpenPGP.conf  <https://openpgp-conf.org> */
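
Added example, not part of the original message and not GnuPG code: a Python sketch of the cleartext-signature framing (RFC 4880, section 7) that recovers the unescaped text of an inline-signed message and lists any lines lying outside the signed block, which no signature covers. It performs no cryptographic verification; the function name `split_clearsigned` and the sample message are constructed for illustration.

```python
BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"

# Constructed sample; the signature body is a placeholder, not real data.
SAMPLE = """\
Unsigned line placed before the signed block.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Release notes
- --- cut here ---
signed footer
-----BEGIN PGP SIGNATURE-----

PLACEHOLDER
-----END PGP SIGNATURE-----
Unsigned line appended after the signature.
"""


def split_clearsigned(text):
    """Return (unescaped_signed_text, lines_outside_the_signed_block).

    Framing only: no cryptographic verification is performed here.
    """
    lines = text.splitlines()
    try:
        start = lines.index(BEGIN_MSG)
        sig = lines.index(BEGIN_SIG, start)
        end = lines.index(END_SIG, sig)
    except ValueError:
        raise ValueError("not a complete cleartext-signed message") from None
    # Armor headers such as "Hash: SHA256" run up to the first empty line.
    blank = start + 1
    while blank < sig and lines[blank].strip():
        blank += 1
    if blank == sig:
        raise ValueError("no empty line after the armor headers")
    body = []
    for line in lines[blank + 1:sig]:
        if line.startswith("- "):
            line = line[2:]          # undo dash-escaping
        elif line.startswith("-"):
            raise ValueError("unescaped dash line inside the signed text")
        body.append(line)
    outside = [l for l in lines[:start] + lines[end + 1:] if l.strip()]
    return "\n".join(body), outside
```

A caller that displays or acts on a clearsigned file should use only the first return value, after the signature itself has been checked, and treat a non-empty second value as a reason to reject or flag the input.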