By resolved, I meant that the man page now states:

  gpgv  assumes  that  all  keys in the keyring are trustworthy.  That does also
  mean that it does not check for expired or revoked keys.

Your wish is to change this behaviour. This would be an API break and thus I
hestitate to do this for 1.4 and 2.0. However, 2.1 has a lot of changes anyway
and I think it is okay to change it for 2.1.

I don't think this is actually resolved.

As noted in https://lists.gnupg.org/pipermail/gnupg-devel/2016-April/031032.html
, gpgv accepts signatures made from revoked or expired keys.

It should reject signatures made from keys it believes to be revoked or expired.

The attached tarball contains:

     pubkey.gpg -- a binary-format 2048-bit RSA OpenPGP certificate

     C47D9EDFF117EE2AA11B162D017D715B3D0C4AF2.key -- the corresponding
                                                     secret key (for
                                                     reference/experimentation
                                                     only)

     before.txt.asc -- clearsigned message made by the key before
                       certificate creation time

     during.txt.asc -- clearsigned message made by the key between
                       certificate creation and certificate expiration

     after.txt.asc -- clearsigned message made by the key after certificate
                      expiration

of these, gpg approves of during.txt.asc and after.txt.asc, but not before.txt.asc.

If someone comes up with a brief description on how to use it, we can add it.

I'm not convinced that the +-prefixed lines address clint's concern.

In particular, the parenthetical remark "(domain means the domain part of the
mail address)" is the important bit -- will this be documented somewhere?

I have added this note to the description of the tsign command in the gpg man
page from master (2.1). Won't be changed for 1.4.

+ or groups. For more information please read the sections
+ `Trust Signature'' and `Regular Expression'' in RFC-4880.

(domain means the domain part of the mail address).

Removed from doc with commit d877528

Hi Justus,
my report describing the problem, not proposing a solution.
(I think that most report should describe the issue,
so that good solution ideas can be measursed against how could they
solve this and other problems.)

If there is no technical reason to have --faked-system-time
in 2.0.x, I guess that fixing the documentation is the easier solution.

I don't understand the bug report. Do you want the feature backported or the
documentation fixed?

Fixed in c7cb4008. This will take effect next the web site is published.

This is a feature of the org-mode export. I'm looking into this.

The error has change in 2.1 to:

  gpg: secret key "foo.gpg" not found: Not found

(i.e., it doesn't say Unknown system error any more.)

The fundamental issue is that the argument to --gen-revoke is not a filename,
but a user id (e.g., the key id). I've accordingly change the error message in
46e128d as follows:

$ gpg2 --output revoke.asc --gen-revoke foo.gpg

gpg: no secret key matches the search term "foo.gpg"

https://www.gnupg.org/documentation/manpage.en.html is way out of date. Is
there a way to automatically generate this page (it needs to be converted to the
.org format).

Thank you for pointing out. It was long standing mistake.
Fixed in the repo.

The manual is not maintained anymore and thus we don't apply fixes, sorry.

This is about updating the docs. Will be done for 2.1 only.

Done.

May be close this bug?

Thank you for the feedback.

You're right, I don't kwnow why I didn't see it. I was blocked on the default value.

Thank you for your report.

I think the document is right. Yes, it's somehow confusing.

It explain "two conditions" using GPG default values, but then,
it says : "This example assumes that two marginally-trusted keys
or one fully-trusted key is needed to validate another key.
The maximum path length is three."

It would be better explaining with default values, though.

It is a wiki. please fix yourself. Nio bee for BTS entry. Thanks.

Updated Text to remove extra word 'embedded ' from 5th entry. Send Message to
Most recent editor to confirm if correct.

Ok

No. The website,the manual, and the FAQ will soon be updated.

up

Ok, can I append this information in documentation ? I see the website source
code in git repository. Can I add this contribution ?

You need to know the OpenPGP protocol to understand what this is about. IIRC,
the GPH also explains this.

pub = public key oacket
uid = user id packet
sub = public subkey packet
sec = secret key packet
sbb = secret subkey packet
sig = key signature

Done for 1.4.15 and 2.0.22.

Done for 1.4.15 and 2.0.22.

Will do so.