Working with a system-shared keyring

Doug Barton dougb at
Fri Jun 10 20:43:34 CEST 2011

On 6/9/2011 11:56 PM, Werner Koch wrote:
> On Thu,  9 Jun 2011 22:38, dougb at said:
>> IMO that would be a serious regression. I have several different
> But fixes a lot of problems.  The keyring is a database and if we
> distribute this database to several files without a way to sync them;
> this leads to problems.  You may have not been affected by such problems
> but only due to the way you use gpg.

Can you elaborate on those problems? I can think of several examples of 
databases whose contents are stored in multiple files without any 
difficulty, so I'm curious.

>> it easy to keep things up to date. I also use keyrings to keep the
>> keys that have signed my key, keys that I've signed, etc.
> That's easy to figure out.  Your approach keeps duplicates of the keys;
> duplicating data is something which should not been done.

Actually I'm very careful to avoid doing just that. :)  I have various 
command-line aliases to move keys between rings depending on their 
status, de-duplicate on import, and cross-check to make sure that I 
haven't missed something.



	Nothin' ever doesn't change, but nothin' changes much.
			-- OK Go

	Breadth of IT experience, and depth of knowledge in the DNS.
	Yours for the right price.  :)

More information about the Gnupg-users mailing list