Commit
61ae31f74f973b7883e2e374d205fdea073e3143
by Matthias Sohn
External GPG signature verification
If an external GPG is used for signing also use the external GPG for signature verification.
In the signer use Bouncy Castle only to verify that the result we get from the external program is indeed a correctly formatted signature, but don't verify the signature. Previously we tried to fully verify the signature, but for some GPG setups, the JGit implementation cannot find the public key. For instance when GPG uses the keyboxd daemon (as Gpg4Win does since version 4.2.0), it stores public keys in an sqlite database.