Arch Linux


FS#47407 - [gnupg] Enable new TOFU trust model

Attached to Project: Arch Linux
Opened by Michael Laß (Bevan) - Wednesday, 16 December 2015, 13:42 GMT
Last edited by Gaetan Bisson (vesath) - Monday, 21 December 2015, 04:49 GMT
Task Type: Feature Request
Category: Packages: Core
Status: Closed
Assigned To: Gaetan Bisson (vesath)
Architecture: All
Severity: Low
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

Description:

gnupg 2.1.10 comes with two new trust models "tofu" and "tofu+gpg". TOFU stands for "Trust On First Use" and is explained in more detail here:
https://lists.gnupg.org/pipermail/gnupg-users/2015-October/054608.html

This new feature seems to be disabled in Arch's build but can be enabled by adding "--enable-tofu" to configure during compilation. I briefly tested compilation and functionality.

Since these trust models have to be enabled either in gpg.conf or using command line parameters, I think it is safe to add this configure flag to the version in [core].

Closed by Gaetan Bisson (vesath) - Monday, 21 December 2015, 04:49 GMT
Reason for closing: Implemented
Additional comments about closing: gnupg-2.1.10-2 in [testing]
Comment by Gaetan Bisson (vesath) - Thursday, 17 December 2015, 06:49 GMT
This new trust model being very early work is probably a good reason why upstream has not enabled it by default. I feel quite uncomfortable reverting this choice in our package.
Comment by Michael Laß (Bevan) - Thursday, 17 December 2015, 09:31 GMT
I dug a bit more into this. The new trust models are enabled automatically (so no need for --enable-tofu) but require sqlite. So adding sqlite as a dependency should enable them. But I don't know if they are worth the additional dependency.
