If GPG were written in a good style (here meaning separating the application and the core C API, with the latter being installed alongside the exec), most of clients would use that API directly, with such kinds of spoofing impossible. And the wrappers like GPGME (which internally calls the gpg executable) wouldn't be needed.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds