Several questions as feedback on gnupg

Loic Bernable
Wed Jan 23 20:02:01 2002

Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Selon David Shaw :=20
> There are two different trust values.  The one you are talking about
> here is the "owner trust".  It tells GnuPG how well you trust the
> owner of that key to sign other keys.  Nobody can change their own
> owner trust without walking up to your computer and doing it - it is
> not part of the key.

I know, but an end user computer can never be as secure as we want.
That's the reason of the existence of the passphrase, right ?=20

If you locally sign a key, it will also remain local to your computer,
but you are still asked for the passphrase. The question was to know why
there wasn't a verification of the identity of the person modifying the
trust DB. Is there a specific reason, except to make things easier ?

### Lo=EFc Bernable aka Leto -- -- Parinux, April, LinuxFR #=
And that's the lesson part. To get all Biblical: do unto others as
you would have them do unto you. Of course, the modern
version is: do unto others before they can do the same unto you.

Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see