-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 11/13/14 9:22 AM, Daniel Kahn Gillmor wrote:
| On 11/13/2014 07:01 AM, Werner Koch wrote:
|> gpg: Make the use of "--verify FILE" for detached sigs harder.
|
| thanks for doing this, Werner.
|
|> Now waiting which tools or scripts will break. I
On 11/13/2014 07:01 AM, Werner Koch wrote:
> gpg: Make the use of "--verify FILE" for detached sigs harder.
thanks for doing this, Werner.
> Now waiting which tools or scripts will break. I checked a few
> (including dpkg) and they do the Right Thing.
i'm glad to hear this.
> Shall this be
On Fri, 7 Nov 2014 22:21, si...@sinic.name said:
> I've attached an exemplary signature file (named gnupg-2.1.0.tar.bz2.sig
> for your convenience) that demonstrates the problem:
Thanks that was useful for testing. What I did is:
commit 69384568f66a48eff3968bb1714aa13925580e9f (HEAD, refs/hea
On Tue, 11 Nov 2014 11:00, pe...@digitalbrains.com said:
> How would the warning be triggered? By the extension of the signature
> file or by existence of a file without the .sig extension, or even some
> other way?
Using an extension is in general not a good idea but in this case we use
it anywa
On 11/11/14 09:52, Werner Koch wrote:
> I think this is what I will implement.
How would the warning be triggered? By the extension of the signature
file or by existence of a file without the .sig extension, or even some
other way?
> That is an entirely different thing and not a problem of gpg.
If
On Mon, 10 Nov 2014 12:59, pe...@digitalbrains.com said:
> If GnuPG encounters this situation, but file.ext.sig is not a detached
> signature, it could display a big fat warning:
>
> WARNING: file.ext.sig is NOT a detached signature; the file file.ext is
> NOT VERIFIED!
I think this is what I wil
On Mon, Nov 10, 2014 at 12:25 PM, Peter Lebbing wrote:
> On 10/11/14 13:03, Nicholas Cole wrote:
>> But in fact, it is the fact that scripts depend on this that made me
>> think that this might be a case where things *should* get broken,
>> because this is actually a serious security flaw, and the
On 10/11/14 13:03, Nicholas Cole wrote:
> But in fact, it is the fact that scripts depend on this that made me
> think that this might be a case where things *should* get broken,
> because this is actually a serious security flaw, and the scripts in
> question need fixing. In many cases, no one is
On Mon, Nov 10, 2014 at 11:59 AM, Peter Lebbing wrote:
> On 10/11/14 12:02, Nicholas Cole wrote:
>> So the confusion is
>> that you have one single command that deals with verifying both a
>> detached signature and with a file that contains a signature?
>
> Yes.
>
>> Is the best fix for this to in
On 10/11/14 12:02, Nicholas Cole wrote:
> So the confusion is
> that you have one single command that deals with verifying both a
> detached signature and with a file that contains a signature?
Yes.
> Is the best fix for this to introduce two new commands
That seems extreme. Although you could a