Yet another problem with 1.0.6b.

Janusz A. Urbanowicz alex at bofh.torun.pl
Thu Nov 15 02:30:01 CET 2001


I noticed this while verifying a detached signature against a file - it does
not check the trust database and does not warn about a key not being
trusted:

:alex at sword:[~]:207:> gpg --edit-key Kroeger
gpg (GnuPG) 1.0.6b; Copyright (C) 2001 Free Software Foundation, Inc.
[]
pub  2048R/2842FE69  created: 1996-02-15 expires: never      trust: -/-

and I have a detached signature made with this key against a file:

:alex at sword:[~]:208:> gpg freedom-2.4.tar.gz.asc
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: Signature made Tue Jun  9 19:32:20 1998 CEST using RSA key ID 2842FE69
gpg: Good signature from "Johannes Kroeger <postmaster at squirrel.owl.de>"
gpg:                 aka "Johannes Kroeger <hanne at squirrel.owl.de>"
gpg:                 aka "Johannes Kroeger <jkroeger at squirrel.owl.de>"

There is no waring of the key being untrusted, nor the key fingerprint is
displayed.

Alex
-- 
Janusz A. Urbanowicz | ALEX3-RIPE | SF-Framling | Thawte Web Of Trust Notary

Gdy daję biednym chleb, nazywają mnie świętym. Gdy pytam, 
dlaczego biedni nie mają chleba, nazywają mnie komunistą. - abp. Helder Camara




More information about the Gnupg-devel mailing list