phrase "UNTRUSTED good signature" is dangerously misleading

Leo Gaspard ekleog at gmail.com
Sat Jul 13 20:22:23 CEST 2013


On Sat, Jul 13, 2013 at 05:51:03PM +0100, Ximin Luo wrote:
> I just realised that "UNVERIFIED Good signature" might be confusing too,
> because the signature is verified but the key isn't.
> 
> Perhaps we should say "UNVALIDATED" instead, and this would be consistent with
> the PGP docs' use of the word "validity" to refer to a key that has been
> validated/verified to belong to its claimed owners.

Just to say that, IMHO, even the "good" signature is misleading. Maybe I am
wrong, but I believe it means too much "this signature is OK". Maybe just
"UNVALIDATED signature"? Yet I'm not at all familiar with GnuPG warnings, so...

Cheers,

Leo


