gnupg & pgpverify trouble

[Russ Allbery]

Christoph Biedl <cbiedl at gmx.de> writes:
> Russ Allbery wrote...

>>   * pgpverify will now correctly verify signatures generated by GnuPG and
>>     better supports GnuPG as the PGP implementation.

> Upgrading my system (Debian sarge) I and others found pgpverify fails if
> using gpg for verification of signed control messages. The reason for
> this is appearently gpg which now looks for ~/.gnupg/trustedkeys.gpg
> instead of ~/.gnupg/pubring.gpg. However, gpg was not changed so I
> assume a different gpgv invocation in the new pgpverify version.

pgpverify used to always specify the keyring and override the default
behavior, and gpgv uses a different keyring by default.  I could have
sworn that I already documented this somewhere, but now I can't find any
sign of that.

My inclination is to just document the GnuPG behavior rather than override
it, since presumably GnuPG had some reason for doing things that way (I
think it's because gpgv doesn't use the normal trust mechanism for key
validation).  It definitely needs documentation.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

    Please send questions to the list rather than mailing me directly.
     <http://www.eyrie.org/~eagle/faqs/questions.html> explains why.