issue 4587: Verifying multiple OpenPGP signatures on a release

From: Andreas Stieger <Andreas.Stieger_at_gmx.de>
Date: Thu, 13 Aug 2015 12:16:57 +0200

For issue 4587: Verifying multiple OpenPGP signatures on a release
The following splits and verifies all signatures:
csplit --elide-empty-files --prefix=sig --suffix-format=%0d2.asc subversion-1.9.0.tar.bz2.asc '/^-----BEGIN PGP SIGNATURE-----$/' '{*}'
for X in sig*.asc; do gpg --verify $X subversion-1.9.0.tar.bz2; done

The same could be done in awk.

In 2013 gpg was noted to not support multiple signatures if the signing keys differ in type/digest:
http://www.eyrie.org/~eagle/journal/2013-01/011.html

Andreas
Received on 2015-08-13 12:29:12 CEST

This message: [ Message body ]
Next message: Marc Strapetz: "Re: JavaHL, 1.9: "Bad file descriptor", "Stream doesn't support this capability" errors"
Previous message: Philip Martin: "Re: Review of sizeof usage"
Next in thread: Julian Foad: "Re: issue 4587: Verifying multiple OpenPGP signatures on a release"
Reply: Julian Foad: "Re: issue 4587: Verifying multiple OpenPGP signatures on a release"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]