Detached signature ambiguity

Peter Lebbing peter at digitalbrains.com
Tue Nov 11 11:00:52 CET 2014


On 11/11/14 09:52, Werner Koch wrote:
> I think this is what I will implement.

How would the warning be triggered? By the extension of the signature
file or by existence of a file without the .sig extension, or even some
other way?

> That is an entire different thing and not a problem of gpg.

If the warning is triggered by existence of a file without the .sig
extension, it does suggest to me that people should not rely on the
warning and thus always specify both the signature file and the signed
file on the command line. Because they might infer by absence of the
warning that the misnamed file has been verified, when the warning is
absent because GnuPG never noticed the misnamed file.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>



More information about the Gnupg-users mailing list