On 11/04/2019 02:37, Ángel wrote: > Why should I need to remember to manually add that .'2' every time?
Because, as I said, it might silently corrupt the functioning of a utility that expects "gpg" to be 1.4 and not 2.1. There are quite a lot of utilities out there that parse the output of the gpg command in a way that is not sufficiently robust. The different output generated by 2.1 might cause such a utility to misinterpret it, and silently accept an invalid signature. The purpose of calling gpg to verify a signature was surely to reject invalid signatures, so you might expose yourself to attackers that way. Depending on how the utility calls "gpg", it might be affected by your alias and end up calling "gpg2". HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
