On Tue, 2020-12-29 at 15:36 +0100, Werner Koch wrote: > gpg caches key signature verification results. Use --no-sig-cache to > disable this cache.
But only sometimes? As said in my follow-up for the key imported via `--recv-keys` the verification status of `--check-sigs` changes as expected when I also pass `--allow-weak-digest-algos`; I can call `--check-sigs` with and without `--allow-weak-digest-algos` as many times as I want and the result still changes. So neither `--recv-keys` nor `--check-sigs` seems to update the cache. There seems to be only a cached signature when I import the key via `--import`. Ansgar
signature.asc
Description: This is a digitally signed message part
