Scripts signed with gnupg become binary garbage, and detached signatures are
Yet, Shell, Perl, Python and Ruby files may remain executable if the detached
signature is embedded as a comment at the bottom of the file:
#-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1...
For a practical example:
signed file: http://ftp.waf.io/pub/release/waf-1.8.5
create signed scripts: http://waf.googlecode.com/git/utils/sign_file.py
verify signed scripts: http://waf.googlecode.com/git/utils/verify-sig.py
And the same thing could be said for executables: it would be much better if
signatures could be embedded so that the signatures are always attached to the
data they relate to.
This would actually be a building block for more functionality: on a system
where executables are signed it would be much more difficult to tamper with the
system files, the kernel/interpreters could verify all executables easily.
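
The embedding described above, as an added example that is not part of the original message and not the waf project's sign_file.py or verify-sig.py. It assumes the literal "\n" in the sample line means the armor's newlines are escaped onto a single trailing comment line; the function names and SAMPLE_SIG are hypothetical.

```python
import os, subprocess, tempfile

BEGIN, END = b"-----BEGIN PGP SIGNATURE-----", b"-----END PGP SIGNATURE-----"
# Constructed placeholder armor for the demo; NOT a valid signature.
SAMPLE_SIG = (BEGIN + b"\nVersion: GnuPG v1\n\niQEcBAABconstructedplaceholder\n=AbCd\n"
              + END + b"\n")

def embed_signature(payload: bytes, armored_sig: bytes) -> bytes:
    """Append an armored detached signature as one trailing '#' comment line."""
    sig = armored_sig.replace(b"\r\n", b"\n").strip()
    if not payload.endswith(b"\n") or b"\\" in sig:
        raise ValueError("payload needs a final newline; armor must not contain backslashes")
    return payload + b"#" + sig.replace(b"\n", b"\\n") + b"\n"

def split_signed(data: bytes):
    """Return (payload, armored_sig). Only the final line may be the signature."""
    trimmed = data[:-1] if data.endswith(b"\n") else data
    body, sep, last = trimmed.rpartition(b"\n")
    sig = last[1:].replace(b"\\n", b"\n").strip() + b"\n"
    # Anything appended after the signature line makes this check fail, so
    # unsigned trailing code is rejected rather than silently ignored.
    if not (sep and last.startswith(b"#") and sig.startswith(BEGIN)
            and sig.endswith(END + b"\n")):
        raise ValueError("last line is not an embedded signature")
    return body + b"\n", sig

def verify(data: bytes, gpg: str = "gpg") -> bool:
    """Check the payload against the embedded signature with `gpg --verify`."""
    payload, sig = split_signed(data)
    with tempfile.TemporaryDirectory() as tmp:
        p, s = os.path.join(tmp, "payload"), os.path.join(tmp, "payload.asc")
        with open(p, "wb") as f:
            f.write(payload)
        with open(s, "wb") as f:
            f.write(sig)
        # Exit status 0 only says the signature matches a public key in the local
        # keyring; whether that key is the expected signer is a separate check.
        return subprocess.run([gpg, "--verify", s, p], capture_output=True).returncode == 0
```

The signed bytes are everything before the final line, so a verifier has to split at exactly the same offset the signer used.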