Trust model tofu+pgp and User ID in Signer's UID packet

Wiktor Kwapisiewicz wiktor at
Fri May 3 13:20:30 CEST 2019

Hi Werner,

On 03.05.2019 10:57, Werner Koch wrote:
> the attached patch is for master but it should also apply to 2.2.  Would
> you be so kind and give it a try?

I did try it on master and yes, it does work.

The message printed changes from (before patch):

gpg: Good signature from "John Doe <john at>" [full]
gpg: WARNING: We do NOT trust this key!
gpg:          The signature is probably a FORGERY.

To this (after patching):

gpg: Good signature from "John Doe <john at>" [full]
gpg: john at Verified 2 signatures in the past 59 minutes.
      Encrypted 0 messages.

Thanks for the quick fix!

For the record it seems there is a minor issue when the patch is applied 
on 2.2.15 as mailbox_from_userid changed the number of arguments.

Kind regards,


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 919 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Gnupg-devel mailing list