On 2014-04-16 09:47, Chris Down wrote: > Jason A. Donenfeld writes: > > But before you do that, would you test if adding "--trust-model > > always" to the relevant $GPG invocation suppresses that message? > > > > And if it does, mailing list: do we want to add this? > > My opinion: we are not security experts, we should let GPG do its thing > and assume the user knows what they are doing. Modifying the trust model > is not something that I think we should do.
I agree; setting --trust-model always is the Wrong Solution™. The user should know enough GPG to be able to mark at least their own key as trusted, otherwise GPG is pretty pointless. -- Regards, Matthew Cengia
signature.asc
Description: Digital signature
_______________________________________________ Password-Store mailing list [email protected] http://lists.zx2c4.com/mailman/listinfo/password-store
