-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 25/01/15 11:48, Damien Goutte-Gattat wrote: > It looks like bug 1637 [1], which indeed affected gpa-0.9.4 but has been > fixed in gpa-0.9.5 and later versions.
So GPA never verified detached signatures in the first place? I read the report by Philip as it being a regression, but when I reread, it doesn't say so explicitly. The "hit and miss" doesn't actually say that it ever verified /detached/ signatures. It seems Philip is confusing signed files and detached signatures, by the way: > gpg --clearsign test1.txt gpg --clearsign -a test1.txt gpg --sign -a > test1.txt The first two are exactly equivalent. Neither three produce a detached signature, which was the problematic case. The signed data is included in the .asc file, not kept as a separate file. > gpg --detach-sign -a test1.txt This is the only one likely mimicking the files downloaded from the website: an ASCII-armoured, detached signature. HTH, Peter. - -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter> _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users