> The signature checking has never worked anyway, though.
Maybe not for you, but it's supposed to work, and AFAIK it works for
many people.
Oh, sorry. I always assumed this was why package-check-signatures defaulted
to allow-unsigned.
> Will having a newer signature make a difference? If I rename my
> .emacs.d/ and run "emacs" (master), then "M-x package-list", I get this:
>
> Failed to verify signature archive-contents.sig:
> Bad signature from 474F05837FBDEF9B GNU ELPA Signing Agent (2014) <address@hidden>
> Command output:
> gpg: Signature made 05/14/19 10:10:03 GMT Summer Time
> gpg: using DSA key CA442C00F91774F17F59D9B0474F05837FBDEF9B
> gpg: BAD signature from "GNU ELPA Signing Agent (2014) <address@hidden>" [unknown]
>
> This is on Windows, with gpg 2.2.11 on the path.
Sounds like a bug. Could you report it as such, so we can track it
(and hopefully fix it for 26.3)?