@chelmuth: Thank you for the quick help :)
On 18.10.2013 12:13, Christian Helmuth wrote:
Hi,
Martin and I investigated this issue further. As a quick fix we added
keyserver-options auto-key-retrieve
to his $HOME/.gnupg/gpg.conf file.
Why download_sigver does not detect the missing public key is also no longer a miracle: If the user's key ring contains another (in this case revoked) key for the email ID of the signer, the script directly tries to verify the signature of the downloaded file. GPG itself detects the missing public key for the used key ID. In the case of "auto-key-retrieve", GPG fixes this by downloading the key from the server, otherwise it aborts.
Greets
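
The failure described above can be told apart from other verification errors by reading GnuPG's machine-readable status lines instead of looking up the signer's email ID. The following is an added example, not code from download_sigver or from this thread; the function name, the verdict strings and the sample key IDs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the download_sigver script itself.
# Classify the status lines written by
#   gpg --batch --status-fd 1 --verify FILE.sig FILE
# Reads them on stdin and prints exactly one verdict line.
classify_gpg_status() {
    verdict="unknown"
    while read -r tag keyword arg1 _rest; do
        [ "$tag" = "[GNUPG:]" ] || continue
        case "$keyword" in
            # Signature made by a key ID that is not in the key ring,
            # whatever other keys exist for the same email ID.
            NO_PUBKEY) verdict="missing-key $arg1" ;;
            REVKEYSIG) verdict="revoked-key $arg1" ;;
            BADSIG)    verdict="bad-signature $arg1" ;;
            VALIDSIG)  # arg1 is the signing key's full fingerprint;
                       # a failure keyword seen earlier takes precedence.
                if [ "$verdict" = "unknown" ]; then
                    verdict="valid $arg1"
                fi ;;
        esac
    done
    printf '%s\n' "$verdict"
}

# Constructed sample: signing key absent from the key ring.
sample_missing_key() {
    cat <<'EOF'
[GNUPG:] ERRSIG 0123456789ABCDEF 1 2 00 1382091180 9
[GNUPG:] NO_PUBKEY 0123456789ABCDEF
EOF
}

# Constructed sample: signature verified with a key that is present.
sample_valid() {
    cat <<'EOF'
[GNUPG:] GOODSIG 0123456789ABCDEF Constructed Signer <signer@example.org>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2013-10-18 1382091180 0 4 0 1 2 00 0123456789ABCDEF0123456789ABCDEF01234567
EOF
}

# Constructed sample: signature made by a key that has been revoked.
sample_revoked() {
    cat <<'EOF'
[GNUPG:] REVKEYSIG FEDCBA9876543210 Constructed Signer <signer@example.org>
[GNUPG:] VALIDSIG FEDCBA9876543210FEDCBA9876543210FEDCBA98 2013-10-18 1382091180 0 4 0 1 2 00 FEDCBA9876543210FEDCBA9876543210FEDCBA98
EOF
}

sample_missing_key | classify_gpg_status
sample_revoked | classify_gpg_status
```

A caller can compare the fingerprint in a `valid` verdict with the one it expects for the download, so that a key fetched by auto-key-retrieve is not trusted merely because it matches the key ID.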