Why is ~/.gnupg/trustdb.gpg readable by all?

[Dan Harkless]

"Steven E. Harris" <steven.harris@tenzing.com> writes:
> The GnuPG manual mentions that the trust information is kept separate
> from your public keyring, presumably to avoid spilling what you think
> of others when you export your public keyring. I was surprised to
> notice that the default permissions on trustdb.gpg are both group- and
> world-readable. Should this file be more private? If not, what's the
> motivation?

Your question is still a good one, but I'd just point out that the default
permissions on ~/.gnupg are rwx------, are they not?  So the permissions on
trustdb.gpg won't matter *too* much...

--
Dan Harkless
SpeedGate Communications, Inc.