Ansgar Burchardt <ans...@debian.org> writes: > I recently looked at several packages using gpg to verify signatures
Thanks for your work! Please try to raise this upstream so that they can provide proper interfaces. Is /usr/bin/gpgv --quiet --keyring /etc/myprogram/trusted.gpg file file.sig chmod a+x file ./file still a safe way to ensure that only code signed by a key in trusted.gpg gets executed? (Assuming of course that user can't modify the file between the check and execution.) -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/844njoipms....@sauna.l.org
