OpenPKG Security Advisory – According to a vendor security advisory [0] based on hints from the Gentoo project, a false positive signature verification bug exists in the GnuPG [1] security tool when unattended signature verification (e.g. by scripts and mail programs) is performed via “gpgv” or “gpg --verify”.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/43997/OpenPKG-SA-2006.001.txt
Source: https://packetstormsecurity.com/files/43997/OpenPKG-Security-Advisory-2006.1.html