commitpkg: prefer explicit signature+data parameters for gpg --verify

Lets prefer the explicit variant of gpg --verify by providing both, the
signature and the data file as parameters.
For the unlikely case there is a matching signature file already present
that was created outside of the toolchain and has an embedded signature
with data, we at least could detect it early with this check.

Signed-off-by: Levente Polyak <anthraxx@archlinux.org>

0 files changed, 0 insertions, 0 deletions