Santiago Torres <santiago@xxxxxxx> writes: > Now that I think about it though, verify tag can verify more than one > tag. I assume that this would make it difficult to propagate individual > errors in trusting. I honestly don't know what's the best way to modify > this behavior then. I am not sure if changing the behaviour is warranted to begin with. Especially when somebody wants to get more than a single bit. I think our single bit signals "does signature compute correctly?" without taking "how much trust do we place in that particular key?" into account. As Brian mentioned in an earlier response, those who want to take different factors like the level of trust etc. into account can read from "--raw", using the exit code only for "does signature compute correctly?" and nothing else. That would allow them to perform any validation underlying GNUPG let them to do.
