gnupg & pgpverify trouble

Russ Allbery rra at stanford.edu
Sun Jul 3 01:09:57 UTC 2005


Christoph Biedl <cbiedl at gmx.de> writes:
> Russ Allbery wrote...

>>   * pgpverify will now correctly verify signatures generated by GnuPG and
>>     better supports GnuPG as the PGP implementation.

> Upgrading my system (Debian sarge) I and others found pgpverify fails if
> using gpg for verification of signed control messages. The reason for
> this is appearently gpg which now looks for ~/.gnupg/trustedkeys.gpg
> instead of ~/.gnupg/pubring.gpg. However, gpg was not changed so I
> assume a different gpgv invocation in the new pgpverify version.

> Copying or linking the two key files is at least a workaround, but: Has
> this been documented anywhere?

I've released a new upstream version of pgpverify that falls back on
pubring.gpg if trustedkeys.gpg is empty or non-existent.  This isn't the
ideal behavior, but given the situation and the backward compatibility
concerns, I think it makes the most sense.

This will be in the next release of INN.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

    Please send questions to the list rather than mailing me directly.
     <http://www.eyrie.org/~eagle/faqs/questions.html> explains why.


More information about the inn-workers mailing list