Trust Signature and Trust Level Bug

Nicholas Cole nicholas.cole at
Sat Aug 13 12:07:54 CEST 2011

On Sat, Aug 13, 2011 at 3:03 AM, Daniel Kahn Gillmor
> Could you open a ticket at
> to record your observation and any proposed
> changes in behavior?

Dear David,

I've opened a bug -

I've slightly expanded the write-up there, and included a more
extended discussion.

Where a user specifies two logically inconsistent things, the question
is which one to honour.  Given the typical use-cases for trust
signatures, I think it makes sense to honour the trust signature,
which is in line with gpg's current operation.

However, it is clearly a security issue if a trust signature can
trick/force a user to end up trusting a key for cases not intended by
the trust signature.  I'm sure this a case of the User Interface
trying to be too clever, rather than a more serious underlying issue.

Best wishes,


More information about the Gnupg-devel mailing list