--check-sig doesn't verify the signatures
Werner Koch
wk at gnupg.org
Wed Nov 28 10:55:19 CET 2007
On Wed, 28 Nov 2007 01:01, funman at videolan.org said:
> You would say if my pubring has been modified, then it's too late, so I
> think that isn't a real problem.
>
> However I guess --check-sig should be explicit that it doesn't verify
> the key signatures (but use a cached value?).
Well, it might not be prominent enough in the documentation. Signature
status caching and the --no-sig-cache option is done sicne 1.0.5 (April 2001):
@item --no-sig-cache
Do not cache the verification status of key signatures.
Caching gives a much better performance in key listings. However, if
you suspect that your public keyring is not save against write
modifications, you can use this option to disable the caching. It
probably does not make sense to disable it because all kind of damage
can be done if someone else has write access to your public keyring.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.
More information about the Gnupg-devel
mailing list