clearsigning perl ?
Sat, 16 Sep 2000 22:29:22 -0400

It is good practice to provide a gpg signature for programs you've
released, right ?

I have a few small perl programs at that
are just a single .pl file... no need for a tarball.  ..and perl is
plaintext, so I figured, why not include the signature in the .pl ?

The result:

What I did was:

* replace the 1st line (#!/usr/bin/perl) with "=cut" 
* put "=head2" on the last line
* gpg --clearsign
* add the following 2 lines to the top:

It works.  The program functions, and the signature verifies successfully.

Is there a better way to do this ?  Should I sign all my single .pl
programs like this ?

I realize this leaves the lines at the beginning of the program, which
could be maliciously modified to do bad things, are not verified.  I think
I would mention what they should look like on the last lines before the
signature, and provide a url to my public key.

I wish there was a way to clearsign a message without the "BEGIN PGP
SIGNED MESSAGE" stuff... (verification failed when I tried removing it)
-- like, just consider everything from the first line to be part of the
signed message.

My public key is at

And somebody really needs to put directions on subscribing to these
lists on


Archive is at - Unsubscribe by sending mail
with a subject of  "unsubscribe"  to