Confusing options for --tofu-(default-)policy=
Teemu Likonen
tlikonen at iki.fi
Sun Oct 2 20:59:06 CEST 2016
First a quote from the gpg 2.1.15 man page:
--trust-model pgp|classic|tofu|tofu+pgp|direct|always|auto
[...]
In the TOFU model, policies are associated with bindings
between keys and email addresses (which are extracted from
user ids and normalized). There are five policies, which can
be set manually using the --tofu-policy option. The default
policy can be set using the --tofu-default- policy policy.
The TOFU policies are: auto, good, unknown, bad and ask. The
auto policy is used by default (unless overridden by
--tofu-default-policy) and marks a binding as marginally
trusted. The good, unknown and bad policies mark a binding
as fully trusted, as having unknown trust or as having trust
never, respectively. [...]
So there's a mapping from tofu policy to trust: auto=marginal,
good=fully, unknown=unknown, bad=never. But why use different names? Why
not use the same names for tofu policy and trust?
--
/// Teemu Likonen - .-.. <https://github.com/tlikonen> //
// PGP: 4E10 55DC 84E9 DFF6 13D7 8557 719D 69D3 2453 9450 ///
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 818 bytes
Desc: not available
URL: </pipermail/attachments/20161002/f5eb4a9d/attachment.sig>
More information about the Gnupg-users
mailing list