martin.stein at ...1...
Fri Oct 18 12:16:37 CEST 2013
@chelmuth: Thank you for the quick help :)
On 18.10.2013 12:13, Christian Helmuth wrote:
> Martin and me investigated more on this issue. As a quick fix we added
> keyserver-options auto-key-retrieve
> to his $HOME/.gnupg/gpg.conf file.
> Why download_sigver does not detect the missing public key is also no
> longer a miracle: If the users key ring contains another (in this case
> revoked key) for the email ID of the signer, the script directly tries
> to verify the signature of the downloaded file. GPG itself detects the
> missing public key for the used key ID. In the case of
> "auto-key-retrieve", GPG fixes this by downloading the key from the
> server, otherwise it aborts.
More information about the users