Re: signing source code with gpg

1 msg	Documentation for GnuPG
1 msg	gpg card reading problem
4 msg	Erroneous char at the end of a file...
3 msg	Saving a gpg signed message as plain text from ...
1 msg	new (2007-03-18) keyanalyze results (+sigcheck)
4 msg	HowTo make a donation to gpg...
1 msg	strip-revokers script
4 msg	Deleting a designated revoker
2 msg	Cardreader Pinpad only on linux ?
3 msg	PGP Desktop & GnuPG
6 msg	PGP Desktop and GPG
3 msg	Enabling GPGRelay passphrase prompt on e-mail s...
3 msg	GNUPG, how to set the passphrase as parameter i...

signing source code with gpg
\ Nathan Smith (14 Mar 2007)
. \ Peter S. May (14 Mar 2007)
. . \ Werner Koch (14 Mar 2007)
. \ Joseph Oreste Bruni (14 Mar 2007)
. . \ Werner Koch (14 Mar 2007)
. . . \ Jason Harris (14 Mar 2007)
. . . . \ Werner Koch (15 Mar 2007)

3 msg	gpg-agent: Different TTLs for different keys
3 msg	Pinpad problem with SCM SPR532
7 msg	gpgsm doesn't recognize certs are related to se...
30 msg	GnuPG incompatible with windows-vista ?
3 msg	display bug
1 msg	gpgsm and multiple messages

Subject:	Re: signing source code with gpg
Group:	Gnupg-users
From:	Werner Koch
Date:	15 Mar 2007

On Wed, 14 Mar 2007 22:32, jharris said:

> Now seems like a good time to ask for an option like:
>
> --require-sig-from <fingerprint> [<fingerprint> ...]
>
> to make sure sigs are only from particular signers.

You can do the same by using gpgv it verifies only if the key is in a
special keyring. I am not sure whether adding the suggested option is
really a good idea. Other folks will come and demand further
customization.

> As an add-on to the FreeBSD ports system, I've already had to employ
> --status-fd to make sure I get a signature from an expected signer:

Scripts are the way we do it in Unix ;-)

Shalom-Salam,

Werner

_______________________________________________
Gnupg-users mailing list
Gnupg-users
http://lists.gnupg.org/mailman/listinfo/gnupg-users