avoiding long trustdb updates
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue Oct 4 22:17:57 CEST 2016
Hi GnuPG folks--
I noticed this in git master:
commit de67055aff916455cec89fab1d95177d3b383008
Author: Werner Koch <wk at gnupg.org>
Date: Fri Sep 30 16:58:10 2016 +0200
wks: Avoid long trustdb checks.
* tools/wks-receive.c (verify_signature): Use --always-trust.
Signed-off-by: Werner Koch <wk at gnupg.org>
diff --git a/tools/wks-receive.c b/tools/wks-receive.c
index 0deca9b..7292cff 100644
--- a/tools/wks-receive.c
+++ b/tools/wks-receive.c
@@ -164,6 +164,7 @@ verify_signature (receive_ctx_t ctx)
ccparray_put (&ccp, "--verbose");
ccparray_put (&ccp, "--enable-special-filenames");
ccparray_put (&ccp, "--status-fd=2");
+ ccparray_put (&ccp, "--always-trust"); /* To avoid trustdb checks. */
ccparray_put (&ccp, "--verify");
ccparray_put (&ccp, "--");
ccparray_put (&ccp, "-&@INEXTRA@");
Is there a reason to use --always-trust here instead of
--no-auto-check-trustdb ? --always-trust seems like it should have more
side effects in terms of how gpg operates, and if the goal is just "to
avoid trustdb checks" then it seems like we might prefer
--no-auto-check-trustdb.
what do you think?
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 930 bytes
Desc: not available
URL: </pipermail/attachments/20161004/3cb97f10/attachment.sig>
More information about the Gnupg-devel
mailing list