Juergen A. Erhard
jae at ilk.de
Tue Jan 5 17:13:08 CET 1999
-----BEGIN PGP SIGNED MESSAGE-----
When verifying a detached signature, it seems gpg absolutely requires
the detached sig to end in either `.sig' or `.asc'.
Now this might be intentional... but I plan to sign tarballs of my
projects with gpg and pgp, and I'd like to have these on the net as
(and, of course, one someproject.tar.gz ;-)
Well, I looked at the code some, but didn't find where gpg goes
From detached signature filename to `signed stuff' filename.
Wouldn't it be better to do some heuristic check here, like
If it does end in .sig, or .asc, try removing these.
If not, or no file has been found, try removing the
extension... until either nothing is left or some file is found.
I think pgp 5.0 does it the correct way... but that dummy doesn't
gpg --verify signature signed-stuff
(Here pgp 2.6 is better... it doesn't even need --verify).
 This code is really not easy to read... and though I'm in favor of
*more* comments, I don't think it would help *that* much.
Jürgen A. Erhard eMail: jae at ilk.de phone: (GERMANY) 0721 27326
George Herrimann's Krazy Kat (http://www.krazy.com)
"No matter how cynical I get, I can't keep up." -- Bruce Schneier
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v0.9.0 (GNU/Linux)
Comment: For info see www.gnupg.org
-----END PGP SIGNATURE-----
More information about the Gnupg-devel