Checking GPG fingerprints may fool users. Solution included.

A discussion between a Tahoe-LAFS dev and someone shows that showing fingerprints may have loophole that deceives verifiers. A small GPL’d script was written to protect against this. Are we vulnerable to what is described? If so we can add the code and probably fix the wiki instructions.


In scripts, no, we are using gpg with --status-file and parse that. Not using grep.

Good time to mention:

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Contributors] [Investors] [Priority Support] [Professional Support]