On 12/29/25 18:57, Peter Gutmann wrote:
[...]A solution for mission-critical use like authenticating downloaded binaries would be to do two things: 1. Create an app that does just that and nothing else: Here is a blob of data, here is a detached signature, is it valid for the data?
Does using gpgv(1) with detached signatures fit this bill?I am unsure what having a separate tool dedicated for verifying signatures using trusted keyrings says about the overall system...
-- Jacob
