Expected behaviour setting TOFU policy
Neal H. Walfield
neal at walfield.org
Fri Feb 16 20:52:35 CET 2018
At Thu, 15 Feb 2018 17:20:14 -0500,
Konstantin Ryabitsev wrote:
> But wait, now I can omit --trust-model from the command line and I get the same
> TOFU-based result, implying that trust-model tofu+pgp now sticks, even though
> I've modified no config files:
If you don't explicitly set the trust model, then gpg uses the trust
model that is saved in the trust db. Using --tofu-policy doesn't use
the trust db (it only updates tofu.db), but --verify does. Hence
after calling --tofu-policy, the trust mode is not saved, but after
calling --verify it is.
In general, it is better to set the trust-model in your gpg.conf file
and never set it on the command line if only because rebuilding the
trust db is very expensive for large key rings.
I suspect that there are other bugs of this sort, and I'm not sure it
is worth fixing.
More information about the Gnupg-users