Why is ~/.gnupg/trustdb.gpg readable by all?
Wed Feb 7 01:15:07 2001
"Steven E. Harris" <email@example.com> writes:
> The GnuPG manual mentions that the trust information is kept separate
> from your public keyring, presumably to avoid spilling what you think
> of others when you export your public keyring. I was surprised to
> notice that the default permissions on trustdb.gpg are both group- and
> world-readable. Should this file be more private? If not, what's the
Your question is still a good one, but I'd just point out that the default
permissions on ~/.gnupg are rwx------, are they not? So the permissions on
trustdb.gpg won't matter *too* much...
SpeedGate Communications, Inc.