https://bugzilla.redhat.com/show_bug.cgi?id=2359878
Bug ID: 2359878 Summary: Review Request: gpgverify - signature verifier for easy and safe scripting Product: Fedora Version: rawhide Hardware: All OS: Linux Status: NEW Component: Package Review Severity: medium Priority: medium Assignee: nobody@fedoraproject.org Reporter: bjorn@xn--rombobjrn-67a.se QA Contact: extras-qa@fedoraproject.org CC: package-review@lists.fedoraproject.org Target Milestone: --- Classification: Fedora
Spec URL: https://www.Rombobj%C3%B6rn.se/packages/gpgverify-2.1-1/gpgverify.spec SRPM URL: https://www.Rombobj%C3%B6rn.se/packages/gpgverify-2.1-1/gpgverify-2.1-1.fc43...
Description: GPGverify is a wrapper around GnuPG's gpgv. It verifies a file against an OpenPGP signature and one or more keyrings. Rather than assuming manual use by a knowledgeable user, GPGverify is designed to be easy to use safely in a script. It avoids various unsafe ways of using gpgv that could make a script vulnerable.
Fedora Account System Username: rombobeorn
The package above is for Fedora 43 and later. In Fedora 41 and 42 I'll use this spec file: https://www.Rombobj%C3%B6rn.se/packages/gpgverify-1-1/gpgverify.spec This one is a metapackage that pulls in gnupg2. It will allow spec files to require "gpgverify" in Fedora 41 and 42 too, so the Packaging Guidelines can be updated without waiting a year.