Hi Michael,

okay, final mail on this issue today:

On Tue, 6 Sep 2016, Johannes Schindelin wrote:

> Your original issue seemed to be that the gpg command could succeed, but
> still no signature be seen. There *must* be a way to test whether the
> called program added a signature, simply by testing whether *any*
> characters were written.
> And if characters were written that were not actually a GPG signature,
> maybe the enterprisey user who configured the gpg command to be her magic
> script actually meant something else than a GPG signature to be added?

I actually just saw that this is *precisely* what the code does already:

        if (ret || signature->len == bottom)
                return error(_("gpg failed to sign the data"));

Why is this not good enough?


Reply via email to