My reading of the above is that the gpg method should check for GOODSIG and only accept signatures that have that, VALIDSIG is not enough. This looks like it might be trick to do without adding new strings :/
It also needs to be verified that all versions of gpgv (back down to dapper) behave consistently in the way that is shown above. The test above was done using jaunty.
My reading of the above is that the gpg method should check for GOODSIG and only accept signatures that have that, VALIDSIG is not enough. This looks like it might be trick to do without adding new strings :/
It also needs to be verified that all versions of gpgv (back down to dapper) behave consistently in the way that is shown above. The test above was done using jaunty.