Several questions as feedback on gnupg

[Loic Bernable]

--kjpMrWxdCilgNbo1
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Selon David Shaw :=20
> There are two different trust values.  The one you are talking about
> here is the "owner trust".  It tells GnuPG how well you trust the
> owner of that key to sign other keys.  Nobody can change their own
> owner trust without walking up to your computer and doing it - it is
> not part of the key.

I know, but an end user computer can never be as secure as we want.
That's the reason of the existence of the passphrase, right ?=20

If you locally sign a key, it will also remain local to your computer,
but you are still asked for the passphrase. The question was to know why
there wasn't a verification of the identity of the person modifying the
trust DB. Is there a specific reason, except to make things easier ?

--=20
### Lo=EFc Bernable aka Leto -- leto@vilya.org -- Parinux, April, LinuxFR #=
##
And that's the lesson part. To get all Biblical: do unto others as
you would have them do unto you. Of course, the modern
version is: do unto others before they can do the same unto you.

--kjpMrWxdCilgNbo1
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8TwgYX1807qC7PesRApDoAJ9+U4BBppgLNlCk8jZE3zC/BsJdIACgiXMx
2R48JYLvY8iGEmTBtEWCAVc=
=2BSS
-----END PGP SIGNATURE-----

--kjpMrWxdCilgNbo1--