Hi Werner,
Thanks for responding
> this is a requirement for OpenPGP because OpenPGP allows to embed a signature
> in encrypted data (combined method in contrast to the rarely used MIME
> containers). Thus when calling the decrypt function you can't know in
> advance whether there will be a
Hi!
On Mon, 15 Jun 2020 12:36, Justin Steven said:
> GPG_ERR_NO_ERROR but for gpgme_op_verify_result() to return a list of zero
> signatures. This feels like an erroneous condition to me, and with libgpgme
We already explained that this is a requirement for OpenPGP because
OpenPGP allows to
Hi all,
On 9 June 2020 I disclosed a vulnerability in fwupd. There was a problem with
the way that it used libgpgme to verify the PGP signature of its update
metadata.
I would like to put it forward for wider discussion: is libgpgme is working as
intended, or should this particular behaviour be