Managing the WoT with GPG
peter at digitalbrains.com
Fri Jun 23 17:56:18 CEST 2017
On 23/06/17 15:50, Neal H. Walfield wrote:
> Ensuring that a cache is consistent is *hard*. I don't think we want
> to add complexity (nevermind a cache!) to this security-critical
There are two hard problems in computer science: Cache invalidation,
naming things, and off-by-one errors.
Martin, I think --no-auto-check-trustdb and a cron job will already make
it much more bearable, with the current state of things. That's what I'd
Other than that, I don't think my outlined strategy is very complex, it
basically boils down to not actually checking a signature until it is
used to compute validity, and stop for a specific key when full validity
is reached. I could be wrong though. It just doesn't seem like it should
be high on a TODO list, which in practice probably means it won't be
done. If the cron job wasn't available as an option, the situation would
PS: I didn't come up with "There are two..." but I can't be arsed to
look up proper attribution :-).
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 488 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-users