On 2017/06/22 14:34, martin f krafft wrote:
> also sprach Andrew Gallagher <andr...@andrewg.com> [2017-06-21 15:57 +0200]:
>> I have a quick and dirty tool here:
>> https://github.com/andrewgdotcom/synctrust
>
> Yeah, that'll do the job, except it blindly overwrites changes made
> locally. It's unlikely this happens, but say I declared your key
> trustworthy last night at home, forgot to run sync, and
> not-trustworthy this morning at the office (sorry, this is just
> a silly example…), and then ran sync, your key would be trustworthy
> again.

Yes, this is a limitation. I did say it was dirty. ;-)

> On the other hand, it'd be totally possible to export ownertrust
> prior to the import, and then fire up vimdiff or the like on the two
> versions. Not exactly a great UID at all.

Not the raw diff, no. But it might be possible to run a diff on the ownertrusts, ignore any "normal" changes (e.g. where the old/local trust state was "unknown") and present the user with a list of potentially dangerous conflicts, such as your unlikely scenario above.

> It'd be better if trustdb would be journalled using a mergeable
> approach.

Trust signatures could trivially implement this, iff it were possible to ltsign a key without also certifying it. (Feature request?)

> #SyncIsHard

Amen.

A
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
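The conflict check proposed in the message above, sketched as an added example that is not part of the original thread or of synctrust: it compares two ownertrust exports, treats a change as "normal" when the local state was unknown, and lists the rest as conflicts. The function names, the trust mask and the sample fingerprints are assumptions made for the illustration.

```python
# Added example; function names and sample fingerprints are constructed.
# Assumed input: `gpg --export-ownertrust` text, i.e. "#" comment lines and
# FINGERPRINT:LEVEL: records, with 3=never, 4=marginal, 5=full, 6=ultimate.
TRUST_NAMES = {0: "unknown", 2: "undefined", 3: "never",
               4: "marginal", 5: "full", 6: "ultimate"}
TRUST_MASK = 15      # assumption: low bits carry the level, higher bits are flags
NO_OPINION = (0, 2)  # states the message treats as safe to overwrite

def parse_ownertrust(text):
    """Return {fingerprint: level}, skipping blank and comment lines."""
    trust = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2 or not fields[1].isdigit():
            raise ValueError(f"unrecognised ownertrust line: {line!r}")
        trust[fields[0].upper()] = int(fields[1]) & TRUST_MASK
    return trust

def classify(local, incoming):
    """Split the changes an import would make into (safe, conflicts)."""
    safe, conflicts = [], []
    for fpr, new in sorted(incoming.items()):
        old = local.get(fpr, 0)  # key not in the local dump: no opinion yet
        if new == old:
            continue
        bucket = safe if old in NO_OPINION else conflicts
        bucket.append((fpr, TRUST_NAMES.get(old, str(old)), TRUST_NAMES.get(new, str(new))))
    return safe, conflicts

# Constructed dumps: the office copy distrusts key A, the synced copy trusts it.
LOCAL = """# local export (constructed)
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:3:
BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB:6:
"""
INCOMING = """# incoming export (constructed)
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:5:
BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB:6:
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC:4:
"""

if __name__ == "__main__":
    safe, conflicts = classify(parse_ownertrust(LOCAL), parse_ownertrust(INCOMING))
    for fpr, old, new in conflicts:
        print(f"CONFLICT {fpr}: local={old} incoming={new}")
    print(f"{len(safe)} change(s) safe to import")
```

Only keys present in the incoming dump are examined, so a key that exists only locally is never reported.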