Houston, we have a problem
Werner Koch
wk at gnupg.org
Tue Sep 26 21:39:50 CEST 2017
On Tue, 26 Sep 2017 13:07, andrewg at andrewg.com said:
> The gpg command itself should cryptographically verify signatures when
> performing --list-sigs, so that at least it can throw a warning when an
Actually --list-sigs is more of a debug command than a command users
should use to verify a key. The real command is --check-sigs and it
does what you suggested.
Unfortunately the man pages describes --list-sigs in detail and only in
the next paragraph --check-sigs is explained in terms of --list-sigs.
it might be better to merge them into one description with a focus on
--check-sigs.
Anyway, it is easy to create keys just for signatures and --check-sigs
would not make a difference. Look at my key for all those vanity
signature.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: </pipermail/attachments/20170926/91cac30d/attachment.sig>
More information about the Gnupg-users
mailing list