avoiding long trustdb updates

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Oct 4 22:17:57 CEST 2016

Hi GnuPG folks--

I noticed this in git master:

commit de67055aff916455cec89fab1d95177d3b383008
Author: Werner Koch <wk at gnupg.org>
Date:   Fri Sep 30 16:58:10 2016 +0200

    wks: Avoid long trustdb checks.
    * tools/wks-receive.c (verify_signature): Use --always-trust.
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/tools/wks-receive.c b/tools/wks-receive.c
index 0deca9b..7292cff 100644
--- a/tools/wks-receive.c
+++ b/tools/wks-receive.c
@@ -164,6 +164,7 @@ verify_signature (receive_ctx_t ctx)
     ccparray_put (&ccp, "--verbose");
   ccparray_put (&ccp, "--enable-special-filenames");
   ccparray_put (&ccp, "--status-fd=2");
+  ccparray_put (&ccp, "--always-trust"); /* To avoid trustdb checks.  */
   ccparray_put (&ccp, "--verify");
   ccparray_put (&ccp, "--");
   ccparray_put (&ccp, "-&@INEXTRA@");

Is there a reason to use --always-trust here instead of
--no-auto-check-trustdb ?  --always-trust seems like it should have more
side effects in terms of how gpg operates, and if the goal is just "to
avoid trustdb checks" then it seems like we might prefer

what do you think?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 930 bytes
Desc: not available
URL: </pipermail/attachments/20161004/3cb97f10/attachment.sig>

More information about the Gnupg-devel mailing list