> Theo de Raadt: > >> > Yeap, there is a problem with verifying uncommented signatures on > >> > current signify(1). I don't care. And it's okay if someone does - I've > >> > just put my two cents. > > they don't need to be verified. They are informational. > > Okay, I meant signified files without a comment line. > > atm, one can't verify signature if 'untrusted comment: ' line is not there. > Yes, they are _informational_. That's why I think they should be optional.
But they are not optional. This is a subsystem where strictness is is a good thing.
