[Announce] A new GnuPG snapshot (unstable)

Stefan H. Holek stefan at epy.co.at
Sat Nov 3 13:44:02 CET 2001


On Tue, 23 Oct 2001, Werner Koch wrote:

> Changes since 1.0.6a:
> 
>     * The entire key validation process (trustdb) has been revamped.
>       See the man page entries for --update-trustdb, --check-trustdb
>       and --no-auto-check-trustdb.

I gave 1.0.6b a spin recently and found that the trustdb stuff has
considerably improved over 1.0.6. This is good news! Even expired keys do
now work for key validation, they did not in plain 1.0.6...

BTW, gpg --list-keys --with-colons does not display the ownertrust
anymore!? Maybe I am just missing something here...

>     * --trusted-keys is again obsolete, --edit can be used to set the
>       ownertrust of any key to ultimately trusted.

What exactly is the rational behind beeing able to set someone's public
key to ultimatley trusted? It is my understanding that what makes a key
ultimately trusted is the fact that I own the private key as well.

What is the difference between ultimately and completely trusted when 
someone else's public key cert is marked as such? Also, what's the
difference between not trusted and unknown (for validity computation, 
that is)?

Thanks,
Stefan





More information about the Gnupg-devel mailing list