signing source code with gpg

Werner Koch wk at
Thu Mar 15 09:13:12 CET 2007

On Wed, 14 Mar 2007 22:32, jharris at said:

> Now seems like a good time to ask for an option like:
>   --require-sig-from <fingerprint> [<fingerprint> ...]
> to make sure sigs are only from particular signers.

You can do the same by using gpgv it verifies only if the key is in a
special keyring.  I am not sure whether adding the suggested option is
really a good idea.  Other folks will come and demand further

> As an add-on to the FreeBSD ports system, I've already had to employ
> --status-fd to make sure I get a signature from an expected signer:

Scripts are the way we do it in Unix ;-)



More information about the Gnupg-users mailing list