GnuPG 1.0.7: Undocumented calculated trust in --with-colon output
Wed May 1 00:57:01 2002
-----BEGIN PGP SIGNED MESSAGE-----
after compiling and installing GnuPG 1.0.7, running 'gpg
- --rebuild-keydb-caches', making my keys ultimately trusted and running
'gpg --check-trustdb' I noticed that a lot of keys in the 'gpg
- --list-keys --with-colon --fixed-list-mode' output have a '-' as
calculated trust. Example:
uid:-::::::::Werner Koch (gnupg sig) <firstname.lastname@example.org>:
Unfortunately the meaning of the '-' is not documented in doc/DETAILS:
2. Field: A letter describing the calculated trust. This is a single
letter, but be prepared that additional information may
in some future versions. (not used for secret keys)
o = Unknown (this key is new to the system)
i = The key is invalid (e.g. due to a missing
d = The key has been disabled
r = The key has been revoked
e = The key has expired
q = Undefined (no value assigned)
n = Don't trust this key at all
m = There is marginal trust in this key
f = The key is full trusted.
u = The key is ultimately trusted; this is only used for
keys for which the secret key is also available.
I'm mainly asking because programs which parse the --with-colon output
need to be updated to take the '-' into account.
The '-' probably means that no trust path (from one of my ultimately
trusted keys) leads to this key and therefore the trust can't be
calculated. Is this correct?
If yes, then why isn't 'q' used? Or does 'q' mean there is a path from
an u.t. key to this key but at least one key on the path lacks the
owner trust value.
If this is the case, then why 'o' isn't used? Is 'o' still used? I never
saw it on a key.
Last but not least, the description of 'u' in doc/DETAILS is outdated as
'u' is no longer automatically used for complete key pairs.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
-----END PGP SIGNATURE-----