[PATCH] doc: Clarify --completes-needed and --marginals-needed.
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Oct 28 20:59:50 CET 2015
On Wed 2015-10-28 15:35:29 -0400, Damien Goutte-Gattat wrote:
> Well, at least in the context of the --completes-needed option,
> "complete" means the same thing as "full", as this option has nothing to
> do with ultimately trusted keys. Only one certification from such a key
> is *always* enough to fully validate a UID, independently of the
> --completes-needed value (this is hardcoded).
ah, thanks for this clarification. This makes the --completes-needed
syntax even weirder.
Maybe we should change this to be --fulls-needed and add a
historical/compatibility --completes-needed alias?
> Full ownertrust only (see my remark above).
yep.
> I do not really like that "if we see certifications"... How about "if it
> is certified" instead?
>
> --completes-needed:
>
> Consider a user ID (and its associated key) to be fully valid if it is
> certified by at least this number of keys that have full ownertrust.
>
> (or: "this number of fully trusted keys")
I like both of these versions. "keys that have full ownertrust" is
slightly more specific (it avoids the confusion arising from many folks
calling valid user ID "trusted" instead of "valid"), but "fully trusted
keys" is definitely easier to read and undersatnd if you don't have that
confusion.
--dkg
More information about the Gnupg-devel
mailing list