audreyt
commented
8 years ago Thanks for the suggestion! I'll be happy to take pull requests, though I'm not actively developing this module for the foreseeable future.
Open anishathalye opened 8 years ago
audreyt
commented
8 years ago Thanks for the suggestion! I'll be happy to take pull requests, though I'm not actively developing this module for the foreseeable future.
anishathalye
commented
8 years ago Okay, cool. I don't have much free time in the near future (and also, I don't really write Perl), so maybe someone else will see this issue and can work on a fix.
Right now, it's possible to use Module::Signature to check if a signature is valid, but there's no API to check if it's trusted. This can be a problem.
It seems that there is some check for this, but the check prints an error to stderr, so it's not particularly useful.
Ideally, the API of
verify()itself would be designed differently, perhaps like GNOME Camel, but that could (and probably would) break existing applications. So I'm not sure what's the best way to go about improving this for better security.