This is an automated email from the git hooks/post-receive script. guillem pushed a commit to branch main in repository dpkg.
View the commit online: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=f7f88cc62a86d4b96f2c9b0479f495a198d5a59d commit f7f88cc62a86d4b96f2c9b0479f495a198d5a59d Author: Guillem Jover <[email protected]> AuthorDate: Tue Oct 25 23:43:59 2022 +0200 Dpkg::OpenPGP: Require gpgv and do not fallback to gpg to verify signatures Using gpgv exclusively for signature verification is better, it removes a fat dependency where gpgv tends to be present when gpg is present, has a better stateless interface, and reduces code complexity. --- scripts/Dpkg/OpenPGP.pm | 2 -- 1 file changed, 2 deletions(-) diff --git a/scripts/Dpkg/OpenPGP.pm b/scripts/Dpkg/OpenPGP.pm index b1fa796e5..857323a7f 100644 --- a/scripts/Dpkg/OpenPGP.pm +++ b/scripts/Dpkg/OpenPGP.pm @@ -169,8 +169,6 @@ sub verify_signature { my @exec; if (find_command('gpgv')) { push @exec, 'gpgv', _gpg_options_weak_digests(); - } elsif (find_command('gpg')) { - push @exec, 'gpg', _gpg_options_common(), '--verify'; } elsif ($opts->{require_valid_signature}) { error(g_('cannot verify signature on %s since GnuPG is not installed'), $sig); -- Dpkg.Org's dpkg
