[Timo Juhani Lindfors] > Is > > /usr/bin/gpgv --quiet --keyring /etc/myprogram/trusted.gpg file file.sig > chmod a+x file > ./file > > still a safe way to ensure that only code signed by a key in trusted.gpg > gets executed? >From the manpage: Note that this adds a keyring to the current list. If the intent is to use the specified keyring alone, use --keyring along with --no-default-keyring. Peter