I asked about this for the last release and the only comment was:
> Yeah, lately we've been using gpg for that instead of md5 command:
Is there a compelling reason to do this? I have been unable to find
a simple scripted approach to validate an md5 signature produced by
gpg.
With a regular md5sum-produced file, I can use
find . -name '*.md5' -exec cat {} \; -printf ' %f\n' | sed
's|\.md5$||' | md5sum -c
and get a result for every file, no matter what the name.
The same exact approach works for sha1 signatures.
I haven't yet found a way to do with this gpg -print-md5 output,
although it could just be my own short-sightedness.
