Managing the WoT with GPG

martin f krafft madduck at madduck.net
Thu Jun 22 15:34:59 CEST 2017


also sprach Andrew Gallagher <andrewg at andrewg.com> [2017-06-21 15:57 +0200]:
> I have a quick and dirty tool here:
> https://github.com/andrewgdotcom/synctrust

Yeah, that'll do the job, except it blindly overwrites changes made
locally. It's unlikely this happens, but say I declared your key
trustworthy last night at home, forgot to run sync, and
not-trustworthy this morning at the office (sorry, this is just
a silly example…), and then ran sync, your key would be trustworthy
again.

On the other hand, it'd be totally possible to export ownertrust
prior to the import, and then fire up vimdiff or the like on the two
versions. Not exactly a great UID at all.

It'd be better if trustdb would be journalled using a mergeable
approach.

And then again, something like jetring is far beyond overkill for
day-to-day usage…

#SyncIsHard

-- 
@martinkrafft | http://madduck.net/ | http://two.sentenc.es/
 
"convictions are more dangerous enemies of truth than lies."
                                                 - friedrich nietzsche
 
spamtraps: madduck.bogus at madduck.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: digital_signature_gpg.asc
Type: application/pgp-signature
Size: 1118 bytes
Desc: Digital GPG signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)
URL: </pipermail/attachments/20170622/fb72fdd1/attachment.sig>


More information about the Gnupg-users mailing list