--check-sig doesn't verify the signatures

Werner Koch wk at gnupg.org
Wed Nov 28 10:55:19 CET 2007

On Wed, 28 Nov 2007 01:01, funman at videolan.org said:
> You would say if my pubring has been modified, then it's too late, so I
> think that isn't a real problem.
> However I guess --check-sig should be explicit that it doesn't verify
> the key signatures (but use a cached value?).

Well, it might not be prominent enough in the documentation.  Signature
status caching and the --no-sig-cache option is done sicne 1.0.5 (April 2001):

  @item --no-sig-cache
  Do not cache the verification status of key signatures.
  Caching gives a much better performance in key listings. However, if
  you suspect that your public keyring is not save against write
  modifications, you can use this option to disable the caching. It
  probably does not make sense to disable it because all kind of damage
  can be done if someone else has write access to your public keyring.



Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.

More information about the Gnupg-devel mailing list