[gnupg] trustdb problems, con't

Werner Koch wk at isil.d.shuttle.de
Wed Jan 27 14:35:43 CET 1999

Thomas Roessler <roessler at guug.de> writes:

> With PGP, we get four IDs with marginal validity, and the key won't
> be used as an "introducer" - which is safe [2].  With gnupg, we get
> a key with four marginally trusted certificates which lead to full
> validity of the key.  It will be used as an introducer, just like a

So you found a bug.  The code should remove all duplicate signators of
a key and only evalutate one.

>     full_count/full_needed + marginal_count/marginals_needed >= 1

Maybe.  The TODO ays that this code must be tested much more.

>     some kind of weight for the owner's trust.  For a clean approach
>     to the web of trust, including recommendations, see Maurer's
>     paper "Modelling a public key infrastructure".  (Thanks to gec

I know this paper and originally I intended to do this - I have not
yet found the time for it and so I think we should go with PGP
approach for a while.


More information about the Gnupg-devel mailing list