[weboob] [PATCH 1/1] Use gpg2 rather than gpgv2 for signature verification

Laurent Bachelier laurent at bachelier.name
Tue Dec 29 11:52:48 CET 2015


On 2015-12-26 23:19, Mickaël Thomas wrote:
> Current gpgv2 has a bug where the gpgv2 command does not work
> 
> A patch has already been sent upstream :
> https://lists.gnupg.org/pipermail/gnupg-devel/2015-December/030623.html
> 
> Using gpg2 --verify instead of gpgv2 fixes the issue


Hello,

Thanks for your patch, I wasn't aware of this bug.

The reason we use gpgv is because it's a simpler and more ubiquitous
command (it is available by default on many systems as they use it for
their own packaging tool).

I would like it better if it could still use gpgv as a fallback,
especially since upstream will eventually fix it.

Moreover, gpg should be ran with the following options, otherwise the
result may depend on the user configuration:
--no-options
--no-default-keyring

See its usage in weboob/applications/weboobrepos/weboobrepos.py




More information about the weboob mailing list