New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Lookup validity field to check if keys are valid #201

Merged
merged 1 commit into from Sep 27, 2016

Conversation

Projects
None yet
2 participants
@thotypous
Contributor

thotypous commented Sep 27, 2016

Currently, the code checks the Ownertrust field [1] to look if a key should be considered as valid. However, the Ownertrust field should not be deemed to represent the level of confidence that a key is valid. Rather, it represents how much the user trusts in the owner of the key to understand correctly how key signing works and to strictly check fingerprints before signing keys. Ownertrust is used as input by the trust models to compute the validity of keys, which is printed by GnuPG in the Validity field.

This commit changes the code to check the Validity field instead of the Ownertrust field.

Keys which are at least marginally valid are also included in the user list dialog, however keys which are not fully valid are printed with dark orange background.

[1] http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob_plain;f=doc/DETAILS

Lookup validity field to check if keys are valid
Currently, the code checks the Ownertrust field [1] to look if a key
should be considered as valid. However, the Ownertrust field should not
be deemed to represent the level of confidence that a key is valid.
Rather, it represents how much the user trusts in the owner of the key
to understand correctly how key signing works and to strictly check
fingerprints before signing keys. Ownertrust is used as input by the
trust models to compute the validity of keys, which is printed by GnuPG
in the Validity field.

This commit changes the code to check the Validity field instead of the
Ownertrust field.

Keys which are at least marginally valid are also included in the user
list dialog, however keys which are not fully valid are printed with
dark orange background.

[1] http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blob_plain;f=doc/DETAILS
@annejan

This comment has been minimized.

Member

annejan commented Sep 27, 2016

This indeed seems to be a more valid way to handle the key trust.
I'll have to check if this is also the way pass handles key trust. I sort of remember a discission about this.

Merging to master, thank you very much for your contribution.

@annejan annejan merged commit 4a1e389 into IJHack:master Sep 27, 2016

3 checks passed

Snap CI The Snap CI build passed on Sep 27, 2016!
Details
continuous-integration/appveyor/pr AppVeyor build succeeded
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment