feature request: automatically check OpenPGP signatures

Robert J. Hansen rjh at sixdemonbag.org
Tue Jun 21 13:59:53 CEST 2016


> It is unfortunately increasingly common that tutorials, howtos and
> installation programs do something like:
> 
>   wget --no-check-certificate https://some.server/path/install.sh
>   chmod a+x install.sh
>   ./install.sh

Let me make sure I understand this:

(a) People care so little about security they'll disable certificate
    checks, but
(b) The same people who care so little about security will care
    enough about it to make OpenPGP signatures available.



More information about the Gnupg-devel mailing list