--with-sig-check silently ignored when used with --import and --recv-keys

Daniel Roesler diafygi at gmail.com
Mon May 4 17:58:49 CEST 2015


Gotcha. Would it be possible to throw an error when --with-sig-check
is included with --import or --recv-keys? When silently ignored, it is
very easy for a user to assume that the signature checks passed.

Daniel

On Sun, May 3, 2015 at 2:02 AM, Werner Koch <wk at gnupg.org> wrote:
> On Sun,  3 May 2015 01:02, diafygi at gmail.com said:
>
>> I've been playing around with key signatures and ran across an interesting
>> situation. For some reason, --with-sig-check is silently ignored when used with
>> --import and --recv-keys. Is this something I should file a bug on?
>
> It has no function there.  It is used as an option for --list-keys.
> Import simply imports the key and does only a few basic checks.  It is
> in particular not useful to do a key signatures check during import
> because at the point you may not yet have imported the keys used to
> create the key signature.
>
>
> Shalom-Salam,
>
>    Werner
>
> --
> Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
>



More information about the Gnupg-users mailing list