Detached signature ambiguity

Werner Koch wk at
Tue Nov 11 12:09:48 CET 2014

On Tue, 11 Nov 2014 11:00, peter at said:

> How would the warning be triggered? By the extension of the signature
> file or by existence of a file without the .sig extension, or even some
> other way?

Using an extension is in general not a good idea but in this case we use
it anyway to determine the matching data file.  Thus we will use both.

> If the warning is triggered by existence of a file without the .sig
> extension, it does suggest to me that people should not rely on the
> warning and thus always specify both the signature file and the signed
> file on the command line. Because they might infer by absence of the

Indeed, this should always be done.  I will also make the 

  gpgv: assuming signed data in 'xzy'

show up always and not just in verbose mode.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-users mailing list