Verify with missing public key: unexpected returncode
Gerd v. Egidy
gerd.von.egidy at intra2net.com
Fri Mar 3 18:24:08 CET 2017
Hi Robert,
> > I think it should return 1 in this case. But I get 2. Why?
>
> Because there were no bad signatures. A signature which cannot be
> verified is neither good nor bad, it just is.
ok.
> The alternative would be for GnuPG to return a bad signature literally
> *whenever* it had no public key with which to verify the signature,
> meaning that 99% of signatures on a mailing list would be reported as
> bad. Can you imagine the bug reports we'd get from people if that were
> the case? "Your software package is listing every single signed message
> I've received as being bad!"
Hmm, but according to the manpage you currently get a returncode meaning
"fatal error" in this case. That sounds much more severe to me than a bad
signature.
Kind regards,
Gerd
More information about the Gnupg-users
mailing list