When you receive a message, don't go interpreting it. Do nothing. Compute
the signature. In the case where you have a non-blank-trimmed literal
packet, don't even look for the flaw here.
It is not that simple for detached signatures (a detached signature is
one where the PGP message consists of the signature packet only and
the signed text is specified externally). When you verify a detached
text-mode signature, you *have to* convert the text to canonical
format first. And, conversely, when you generate a detached signature,
modifying the original file usually is not an option.
It's my opinion that if a 2440 application wants to send a textmode message
with trailing blanks then the obvious, right way to do it is to put a
binarymode signature after the textmode literal.
RFC 2440 doesn't expressly say whether or not you can do that, but as
far as I remember, PGP just throws funny error messages at you when
you try it.