[git] GnuPG - branch, master, updated. gnupg-2.1.19-41-g8f02864

by Werner Koch cvs at cvs.gnupg.org
Wed Mar 8 11:38:57 CET 2017 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  8f028642239fa992c6c059e3c1b4421a1813c827 (commit)
       via  f0257b4a86b73f5b956028e68590b6d2a23ea4da (commit)
      from  b71384c8054ce2f245ccfae02b8ee81e1adfc512 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 8f028642239fa992c6c059e3c1b4421a1813c827
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Mar 8 11:34:41 2017 +0100

    dirmngr: Do not put a keyserver into a new dirmngr.conf
    
    * g10/dirmngr-conf.skel: Do not define keyservers.
    --

diff --git a/g10/dirmngr-conf.skel b/g10/dirmngr-conf.skel
index fbb730b..e2885e6 100644
--- a/g10/dirmngr-conf.skel
+++ b/g10/dirmngr-conf.skel
@@ -42,20 +42,21 @@
 # through the usual method:
 #      hkp://keyserver.example.net:22742
 #
-# Most users just set the name and type of their preferred keyserver.
 # Note that most servers (with the notable exception of
 # ldap://keyserver.pgp.com) synchronize changes with each other.  Note
 # also that a single server name may actually point to multiple
-# servers via DNS round-robin.  hkp://keys.gnupg.net is an example of
-# such a "server", which spreads the load over a number of physical
-# servers.
+# servers via DNS round-robin or service records.
 #
 # If exactly two keyservers are configured and only one is a Tor hidden
 # service, Dirmngr selects the keyserver to use depending on whether
-# Tor is locally running or not (on a per session base).
+# Tor is locally running or not (on a per session base).  Example:
+#
+#  keyserver hkp://jirk5u4osbsr34t5.onion
+#  keyserver hkps://hkps.pool.sks-keyservers.net
+#
+# If no keyserver is specified GnuPG uses
+#  hkps://hkps.pool.sks-keyservers.net
 
-keyserver hkp://jirk5u4osbsr34t5.onion
-keyserver hkp://keys.gnupg.net
 
 # --hkp-cacert FILENAME
 #
@@ -65,5 +66,8 @@ keyserver hkp://keys.gnupg.net
 # root certificates here.  If that file is in PEM format a ".pem"
 # suffix is expected.  This option may be given multiple times to add
 # more root certificates.  Tilde expansion is supported.
+# This is not required when the default server
+#   hkps://hkps.pool.sks-keyservers.net
+# is used.
 
 #hkp-cacert /path/to/CA/sks-keyservers.netCA.pem

commit f0257b4a86b73f5b956028e68590b6d2a23ea4da
Author: Werner Koch <wk at gnupg.org>
Date:   Wed Mar 8 10:46:09 2017 +0100

    doc: Add a note to the trust model direct.
    
    * doc/gpg.texi (GPG Configuration Options): Add note.  Chnage Index
    from trust-mode:foo to trust-model:foo.

diff --git a/doc/gpg.texi b/doc/gpg.texi
index 55482b1..0e107ec 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1608,17 +1608,17 @@ Set what trust model GnuPG should follow. The models are:
 @table @asis
 
   @item pgp
-  @opindex trust-mode:pgp
+  @opindex trust-model:pgp
   This is the Web of Trust combined with trust signatures as used in PGP
   5.x and later. This is the default trust model when creating a new
   trust database.
 
   @item classic
-  @opindex trust-mode:classic
+  @opindex trust-model:classic
   This is the standard Web of Trust as introduced by PGP 2.
 
   @item tofu
-  @opindex trust-mode:tofu
+  @opindex trust-model:tofu
   @anchor{trust-model-tofu}
   TOFU stands for Trust On First Use.  In this trust model, the first
   time a key is seen, it is memorized.  If later another key is seen
@@ -1664,7 +1664,7 @@ Set what trust model GnuPG should follow. The models are:
   @code{undefined} trust level is returned.
 
   @item tofu+pgp
-  @opindex trust-mode:tofu+pgp
+  @opindex trust-model:tofu+pgp
   This trust model combines TOFU with the Web of Trust.  This is done
   by computing the trust level for each model and then taking the
   maximum trust level where the trust levels are ordered as follows:
@@ -1677,12 +1677,16 @@ Set what trust model GnuPG should follow. The models are:
   which some security-conscious users don't like.
 
   @item direct
-  @opindex trust-mode:direct
+  @opindex trust-model:direct
   Key validity is set directly by the user and not calculated via the
-  Web of Trust.
+  Web of Trust.  This model is soley based on the key and does
+  not distinguish user IDs.  Note that when changing to another trust
+  model the trust values assigned to a key are transformed into
+  ownertrust values, which also indicate how you trust the owner of
+  the key to sign other keys.
 
   @item always
-  @opindex trust-mode:always
+  @opindex trust-model:always
   Skip key validation and assume that used keys are always fully
   valid. You generally won't use this unless you are using some
   external validation scheme. This option also suppresses the
@@ -1692,7 +1696,7 @@ Set what trust model GnuPG should follow. The models are:
   disabled keys.
 
   @item auto
-  @opindex trust-mode:auto
+  @opindex trust-model:auto
   Select the trust model depending on whatever the internal trust
   database says. This is the default model if such a database already
   exists.

-----------------------------------------------------------------------

Summary of changes:
 doc/gpg.texi          | 20 ++++++++++++--------
 g10/dirmngr-conf.skel | 18 +++++++++++-------
 2 files changed, 23 insertions(+), 15 deletions(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org

More information about the Gnupg-commits mailing list