gnupg & pgpverify trouble

Russ Allbery rra at
Sun Jul 3 01:09:57 UTC 2005

Christoph Biedl <cbiedl at> writes:
> Russ Allbery wrote...

>>   * pgpverify will now correctly verify signatures generated by GnuPG and
>>     better supports GnuPG as the PGP implementation.

> Upgrading my system (Debian sarge) I and others found pgpverify fails if
> using gpg for verification of signed control messages. The reason for
> this is appearently gpg which now looks for ~/.gnupg/trustedkeys.gpg
> instead of ~/.gnupg/pubring.gpg. However, gpg was not changed so I
> assume a different gpgv invocation in the new pgpverify version.

> Copying or linking the two key files is at least a workaround, but: Has
> this been documented anywhere?

I've released a new upstream version of pgpverify that falls back on
pubring.gpg if trustedkeys.gpg is empty or non-existent.  This isn't the
ideal behavior, but given the situation and the backward compatibility
concerns, I think it makes the most sense.

This will be in the next release of INN.

Russ Allbery (rra at             <>

    Please send questions to the list rather than mailing me directly.
     <> explains why.

More information about the inn-workers mailing list