Goswin von Brederlow schrieb am Donnerstag, dem 04. September 2008:
> m...@book:% sudo gpgv --keyring etc/apt/trusted.gpg
> var/lib/apt/lists/localhost_debian_dists_sid_Release.gpg
> var/lib/apt/lists/localhost_debian_dists_sid_Release
> gpgv: Signature made Tue Sep 2 18:08:46 2008 CEST using RSA key ID
> F583D700
> gpgv: Good signature from "Tester (test key) <t...@noreply.org>"
Stop abusing my domain name. example.{com,org,net} is what you were
looking for.
> m...@book:/% sudo gpg --keyring etc/apt/trusted.gpg --verify
> var/lib/apt/lists/localhost_debian_dists_sid_Release.gpg
> var/lib/apt/lists/localhost_debian_dists_sid_Release
> gpg: WARNING: unsafe ownership on configuration file
> `/home/mrvn/.gnupg/gpg.conf'
> gpg: Signature made Tue Sep 2 18:08:46 2008 CEST using RSA key ID
> F583D700
> gpg: Good signature from "Tester (test key) <t...@noreply.org>"
> gpg: Note: This key has expired!
> Primary key fingerprint: 317C B6A2 20E3 D9DF BE98 0264 1E34 EFC0 F583
> D700
> m...@book:/% echo $?
> 0
>
> Note that gpg does not fail the signature just because it has expired,
> even if the signature is made after the expirey date of the key. The
> signature was made when the key was still valid s it gets accepted.
I don't think that's correct.
| wea...@intrepid:~/tmp/g$ gpgv --keyring ./pubring.gpg Release.gpg Release
| gpgv: Signature made Mon Apr 6 01:42:33 2009 CEST using DSA key ID BD2B0EE0
| gpgv: Good signature from "db.debian.org archive key 2008"
| wea...@intrepid:~/tmp/g$ echo $?
| 0
| wea...@intrepid:~/tmp/g$ gpg --status-fd=2 --verify Release.gpg Release
| gpg: WARNING: unsafe permissions on homedir `.'
| gpg: Signature made Mon Apr 6 01:42:33 2009 CEST using DSA key ID
| BD2B0EE0
| [GNUPG:] KEYEXPIRED 1238972541
| [GNUPG:] SIGEXPIRED deprecated-use-keyexpired-instead
| [GNUPG:] SIG_ID ku+8oeaPmKjRxDvpydIDp9yPiss 2009-04-05 1238974953
| [GNUPG:] EXPKEYSIG BEA7CF10BD2B0EE0 db.debian.org archive key 2008
| gpg: Good signature from "db.debian.org archive key 2008"
| [GNUPG:] VALIDSIG 41A8A518BF62877513FE798FBEA7CF10BD2B0EE0 2009-04-05
| 1238974953 0 4 0 17 2 00 41A8A518BF62877513FE798FBEA7CF10BD2B0EE0
| gpg: Note: This key has expired!
| Primary key fingerprint: 41A8 A518 BF62 8775 13FE 798F BEA7 CF10 BD2B 0EE0
No GOODSIG.
So gpgv considers a signature valid that gpg doesn't. That in itself
should be a grave bug.
--
| .''`. ** Debian GNU/Linux **
Peter Palfrader | : :' : The universal
http://www.palfrader.org/ | `. `' Operating System
| `- http://www.debian.org/
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
