[pass] There is no assurance this key belongs to the named user

Chris Down chris at chrisdown.name
Wed Apr 16 03:47:07 CEST 2014


Jason A. Donenfeld writes:
> But before you do that, would you test if adding "--trust-model
> always" to the relevant $GPG invocation suppresses that message?
> 
> And if it does, mailing list: do we want to add this?

My opinion: we are not security experts, we should let GPG do its thing
and assume the user knows what they are doing. Modifying the trust model
is not something that I think we should do.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 966 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20140416/f8527a40/attachment.asc>


More information about the Password-Store mailing list