-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 25/01/15 11:48, Damien Goutte-Gattat wrote:
It looks like bug 1637 [1], which indeed affected gpa-0.9.4 but has been
fixed in gpa-0.9.5 and later versions.
So GPA never verified detached signatures in the first place? I read the
report by Philip
I was postulating that the breakage might be related to the fact that GnuPG in
batch mode no longer verifies a detached signature as valid when it is only
given the detached signature, instead of the pair of signed file and detached
signature. This security fix was backported to 2.0 and 1.4, so it
On 01/24/2015 08:05 PM, Philip Jackson wrote:
Using GPA 0.9.4 in linux. [...]
So it appears to be a bit hit and miss trying to use GPA to verify downloaded
.asc signatures.
It looks like bug 1637 [1], which indeed affected gpa-0.9.4 but has been
fixed in gpa-0.9.5 and later versions.
[1]
On 25/01/15 14:49, Philip Jackson wrote:
I'm sorry if I've wasted people's time with a worry from the past that no
longer exists.
It was totally reasonable to bring this to the list, so no need to apologise
as far as I'm concerned.
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination
On 25/01/15 12:05, Peter Lebbing wrote:
It seems Philip is confusing signed files and detached signatures, by the way:
gpg --clearsign test1.txt gpg --clearsign -a test1.txt gpg --sign -a
test1.txt
The first two are exactly equivalent. Neither three produce a detached
signature, which was
On 25/01/15 11:05, Peter Lebbing wrote:
I think it's quite likely --batch comes into play in your scenario, although
I'm
not well acquainted with the source code.
By the way, I think it'd be helpful if you could indicate your distribution
and
the version of GPA you use. Also, if you
On 25/01/15 11:48, Damien Goutte-Gattat wrote:
On 01/24/2015 08:05 PM, Philip Jackson wrote:
Using GPA 0.9.4 in linux. [...]
So it appears to be a bit hit and miss trying to use GPA to verify downloaded
.asc signatures.
It looks like bug 1637 [1], which indeed affected gpa-0.9.4 but has
On 24/01/15 20:25, Peter Lebbing wrote:
On 24/01/15 20:05, Philip Jackson wrote:
Using GPA 0.9.4 in linux.
I downloaded a file and its signature as a .asc from a website that I have
used many times. While looking at the spelling of the filename, I
accidentally clicked on the signature file
On 24/01/15 20:05, Philip Jackson wrote:
Using GPA 0.9.4 in linux.
I downloaded a file and its signature as a .asc from a website that I have
used many times. While looking at the spelling of the filename, I
accidentally clicked on the signature file and launched GPA so decided to
use it