trustdb is not updated without ultimately trusted keys

Peter Palfrader at
Sat Nov 29 06:29:37 CET 2003

Since Debian's package tracking system seems to be down, I'll let you
know directly of this small bug in gnupg 1.2.3:

GnuPG does not recompute the trustdb if there are no ultimately trusted
keys left.

set -e
mkdir test-gpg;
chmod go-rwx test-gpg;
cd test-gpg
export GNUPGHOME=.
echo 'keyserver' > gpg.conf
gpg --recv 94c09c7f
gpg --with-colons --list-key
echo '5B00C96D5D54AEE1206BAF84DE7AAF6E94C09C7F:6:' | gpg --import-ownertrust
gpg --with-colons --list-key
echo '5B00C96D5D54AEE1206BAF84DE7AAF6E94C09C7F:3:' | gpg --import-ownertrust
gpg --with-colons --list-key
cd ..
rm -rf test-gpg
) 2>/dev/null | grep '^pub'


pub:-:1024:17:DE7AAF6E94C09C7F:1999-11-10:::-:Peter Palfrader::scESC:
pub:u:1024:17:DE7AAF6E94C09C7F:1999-11-10:::u:Peter Palfrader::scESC:
pub:u:1024:17:DE7AAF6E94C09C7F:1999-11-10:::n:Peter Palfrader::scESC:

Note that the last line still has ultimate trust for the key.

(That's debian bug #222368, so you can Cc 222368 at if you
 PGP signed and encrypted  |  .''`.  ** Debian GNU/Linux **
    messages preferred.    | : :' :      The  universal
                           | `. `'      Operating System |   `-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : /pipermail/attachments/20031129/7d8ba2af/attachment.bin

More information about the Gnupg-devel mailing list