Verify with missing public key: unexpected returncode
Robert J. Hansen
rjh at sixdemonbag.org
Fri Mar 3 18:09:33 CET 2017
> I think it should return 1 in this case. But I get 2. Why?
Because there were no bad signatures. A signature which cannot be
verified is neither good nor bad, it just is.
The alternative would be for GnuPG to return a bad signature literally
*whenever* it had no public key with which to verify the signature,
meaning that 99% of signatures on a mailing list would be reported as
bad. Can you imagine the bug reports we'd get from people if that were
the case? "Your software package is listing every single signed message
I've received as being bad!"
More information about the Gnupg-users