Expected behaviour setting TOFU policy

Neal H. Walfield neal at walfield.org
Fri Feb 16 20:52:35 CET 2018


Hi,

At Thu, 15 Feb 2018 17:20:14 -0500,
Konstantin Ryabitsev wrote:
> But wait, now I can omit --trust-model from the command line and I get the same
> TOFU-based result, implying that trust-model tofu+pgp now sticks, even though
> I've modified no config files:

If you don't explicitly set the trust model, then gpg uses the trust
model that is saved in the trust db.  Using --tofu-policy doesn't use
the trust db (it only updates tofu.db), but --verify does.  Hence
after calling --tofu-policy, the trust model is not saved, but after
calling --verify it is.

In general, it is better to set the trust-model in your gpg.conf file
and never set it on the command line if only because rebuilding the
trust db is very expensive for large key rings.

I suspect that there are other bugs of this sort, and I'm not sure it
is worth fixing.

:) Neal
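The recommendation above (pin trust-model in gpg.conf rather than on the command line) as a small added shell example; this is not code from the thread or from GnuPG. It writes or replaces a single trust-model line in a GNUPGHOME's gpg.conf, and reads back the model gpg has recorded in trustdb.gpg from the "tru:" record of --with-colons output, so you can confirm what gpg will use when --trust-model is omitted. The numeric-to-name mapping for the tru record is assumed from the TM_* constants in gpg's g10/options.h (only 0 and 1 are documented in doc/DETAILS); the stand-alone demonstration uses a throwaway, constructed GNUPGHOME and skips the read-back when gpg is not installed.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread or from GnuPG: pin the
# trust model in gpg.conf and read back what the trustdb actually records.

# Print the trust-model value pinned in $1/gpg.conf, or "unset".
conf_trust_model() {
    conf="$1/gpg.conf"
    [ -f "$conf" ] || { echo unset; return 0; }
    model=$(sed -n 's/^[[:space:]]*trust-model[[:space:]]\{1,\}\([^[:space:]#]*\).*/\1/p' "$conf" | tail -n 1)
    [ -n "$model" ] && echo "$model" || echo unset
}

# Write (or replace) exactly one "trust-model MODEL" line in $1/gpg.conf,
# keeping every other option untouched. Model names are gpg's own.
pin_trust_model() {
    dir="$1"; model="$2"
    case "$model" in
        classic|pgp|external|always|direct|auto|tofu|tofu+pgp) ;;
        *) echo "pin_trust_model: unknown model '$model'" >&2; return 1 ;;
    esac
    mkdir -p "$dir"
    conf="$dir/gpg.conf"
    tmp="$conf.tmp.$$"
    if [ -f "$conf" ]; then
        # grep -v exits 1 when nothing is left to print; that is not an error here.
        grep -v '^[[:space:]]*trust-model[[:space:]]' "$conf" > "$tmp" || true
    else
        : > "$tmp"
    fi
    printf 'trust-model %s\n' "$model" >> "$tmp"
    mv "$tmp" "$conf"
    chmod 600 "$conf"
}

# Map the numeric model in the trustdb "tru:" record to a name.
# Assumption: numbering follows the TM_* constants in gpg's g10/options.h.
trustdb_model_name() {
    case "$1" in
        0) echo classic ;;  1) echo pgp ;;  2) echo external ;; 3) echo always ;;
        4) echo direct ;;   5) echo auto ;; 6) echo tofu ;;     7) echo tofu+pgp ;;
        *) echo "unknown($1)" ;;
    esac
}

# Report the model recorded in $1/trustdb.gpg: field 3 of the "tru:" record
# that --with-colons --list-keys prints first. Requires gpg on PATH.
saved_trust_model() {
    num=$(gpg --homedir "$1" --batch --quiet --with-colons --list-keys 2>/dev/null \
          | awk -F: '/^tru:/ { print $3; exit }')
    [ -n "$num" ] && trustdb_model_name "$num" || echo "no trustdb record"
}

# Stand-alone demonstration in a constructed, throwaway GNUPGHOME.
home=$(mktemp -d) && chmod 700 "$home"
pin_trust_model "$home" tofu+pgp
echo "gpg.conf pins:   $(conf_trust_model "$home")"
if command -v gpg >/dev/null 2>&1; then
    echo "trustdb records: $(saved_trust_model "$home")"
else
    echo "gpg not installed; skipping trustdb read-back"
fi
rm -rf "$home"
```

Run it against a real home directory with `pin_trust_model "$HOME/.gnupg" tofu+pgp` once, then check `saved_trust_model "$HOME/.gnupg"` after the next gpg operation that touches the trustdb; a mismatch between the two means something is still overriding the model on the command line.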


