On Wed, Jan 15, 2014 at 12:35:44AM +0000, Dominic Hargreaves wrote:
> On Wed, Jan 15, 2014 at 12:25:23AM +0000, Dominic Hargreaves wrote:
> > This appears to break the RT tests, which use this parameter:
>
> Just to be clear: since trust-model=always is only used in the test
> suite, I don't believe this issue affects running installations.
It's also a really common configuration to run in production,
especially if you tell RT to auto-download keys and want it to encrypt
back to randoms who email in, process of:
New ticket from b...@example.com, signed, encrypted to queue key.
RT downloads b...@example.com's key because you have
'auto-key-locate' => 'keyserver',
'keyserver-options' => 'auto-key-retrieve',
set in %GnuPGOptions
When you reply back to the user, you pick the Reply option, if there's
no trust path in the database gpg can kick back a warning/error about
not wanting to encrypt to an untrusted key.
Recipient 'b...@example.com' is unusable, the reason is 'Key not trusted'
For sites that manually keep a tightly controlled keyring, this isn't an
issue. I don't have statistics on how many users run with trust-model =
always but I definitely run into it with clients.
-kevin
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
