sopv-gpgpv: an implementation of the verification-only subset of the Stateless OpenPGP CLI using gpgv as a backend
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon Jul 29 18:01:58 CEST 2024
Hi Todd--
On Fri 2024-07-26 09:54:32 -0400, Todd Zullinger via Gnupg-users wrote:
> A reasonably common use case for gpgv is to verify
> signatures on release artifacts by distribution packaging
> tools. Being able to use the upstream provided key
> material, which is typically armored, would make things a
> bit simpler and easier to verify for people interested in
> ensuring those packages are using the proper key material
> and are not introducing any issues.
I recommend using any sopv implementation for that use case, since sopv
is specified to explicitly accept both armored and unarmored
certificates as verification targets.
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 324 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20240729/4d274e7f/attachment.sig>
More information about the Gnupg-users
mailing list