FS#47407 - [gnupg] Enable new TOFU trust model
Attached to Project:
Arch Linux
Opened by Michael Laß (Bevan) - Wednesday, 16 December 2015, 13:42 GMT
Last edited by Gaetan Bisson (vesath) - Monday, 21 December 2015, 04:49 GMT
Opened by Michael Laß (Bevan) - Wednesday, 16 December 2015, 13:42 GMT
Last edited by Gaetan Bisson (vesath) - Monday, 21 December 2015, 04:49 GMT
|
Details
Description:
gnupg 2.1.10 comes with two new trust models "tofu" and "tofu+gpg". TOFU stands for "Trust On First Use" and is explained in more detail here: https://lists.gnupg.org/pipermail/gnupg-users/2015-October/054608.html This new feature seems to be disabled in Arch's build but can be enabled by adding "--enable-tofu" to configure during compilation. I briefly tested compilation and functionality. Since these trust models have to be enabled either in gpg.conf or using command line parameters, I think it is safe to add this configure flag to the version in [core]. |
This task depends upon
Closed by Gaetan Bisson (vesath)
Monday, 21 December 2015, 04:49 GMT
Reason for closing: Implemented
Additional comments about closing: gnupg-2.1.10-2 in [testing]
Monday, 21 December 2015, 04:49 GMT
Reason for closing: Implemented
Additional comments about closing: gnupg-2.1.10-2 in [testing]
Comment by Gaetan Bisson (vesath) -
Thursday, 17 December 2015, 06:49 GMT
This new trust model being very early work is probably a good
reason why upstream has not enabled it by default. I feel quite
uncomfortable reverting this choice in our package.
Comment by Michael Laß (Bevan) -
Thursday, 17 December 2015, 09:31 GMT
I digged a bit more into this. The new trust models are enabled
automatically (so no need for --enable-tofu) but require sqlite.
So adding sqlite as a dependency should enable them. But I don't
know if they are worth the additional dependency.