signing source code with gpg
Werner Koch
wk at gnupg.org
Thu Mar 15 09:13:12 CET 2007
On Wed, 14 Mar 2007 22:32, jharris at widomaker.com said:
> Now seems like a good time to ask for an option like:
>
> --require-sig-from <fingerprint> [<fingerprint> ...]
>
> to make sure sigs are only from particular signers.
You can do the same by using gpgv it verifies only if the key is in a
special keyring. I am not sure whether adding the suggested option is
really a good idea. Other folks will come and demand further
customization.
> As an add-on to the FreeBSD ports system, I've already had to employ
> --status-fd to make sure I get a signature from an expected signer:
Scripts are the way we do it in Unix ;-)
Shalom-Salam,
Werner
More information about the Gnupg-users
mailing list