No subject
Thu Nov 10 09:51:52 CET 2005
problem does not affect cleartext signatures.
Am I correct, or is this a misinterpretation? The announcement sounds
like gpg would still correctly verify (only) data covered by the signature, but then
output data which is not covered by the signature. So it would still be safe to
assume that anything between -----BEGIN PGP SIGNED MESSAGE----- and the
following -----BEGIN PGP SIGNATURE----- is correctly validated(?).
regards,
rainer
More information about the Gnupg-devel
mailing list