GNU Privacy Assistant - false negatives on detached signature verification (GPA)
Bernhard Reiter
bernhard at intevation.de
Fri Oct 8 12:26:42 CEST 2021
Am Mittwoch 06 Oktober 2021 21:19:18 schrieb anonymous via Gnupg-users:
> It seems that GPA can only verify detached signatures when it has a suffix
> of .sig .sign or .asc. When a detached signature has a different suffix
> (for example .gpg like all of the sha256sum.txt.gpg files for verifying
> Linux Mint downloads) GPA will always display a signature status of "Bad"
> even though the signature is in fact good.
If this is reproducable for you, please file a problem report on dev.gnupg.org
with keyword GPA.
Note that GPA maintance is currently very slow. Werner has some GKT3 patches
but no time to get this is shape. And unless someone steps up to maintain the
windows port, it will probably be dropped from Gpg4win for example. (See
gpg4win-devel@ discussion).
Best Regards,
Bernhard
--
www.intevation.de/~bernhard +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20211008/d424ee70/attachment.sig>
More information about the Gnupg-users
mailing list