Add `--gpg-ownertrust` functionality to the library

`--gpg-ownertrust` reads gpg's ownertrust db and uses gpg's trust model:

        // For GnuPG to consider a non-ultimately trusted root as
        // valid, there must be a path from an ultimately trusted root
        // to the non-ultimately trusted root.  If this is the case,
        // add those roots.

There are actually three separate things going on:

  1. Reading the ownertrust values
  2. Parsing the ownertrust format
  3. Realizing gpg's trust model

It is possible to add (3) to the library without doing (1) or (2), although parsing the ownertrust isn't so hard. I definitely don't want to shell out to gpg from the library.

Also, I'm not yet convinced I want to do this. However, the octopus has a copy of this code...

This issue is here to document this limitation and my current thoughts. Let's discuss it more before implementing anything.
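To make (2) and (3) concrete, here is an added example that is not part of this issue or of the library: it parses `gpg --export-ownertrust` lines (`<fingerprint>:<trust>:`) and then applies a simplified version of gpg's trust model, where a non-ultimately trusted root only counts once a chain of certifications from an ultimately trusted root makes it valid. The certification graph, the `marginals_needed` parameter (gpg's default is 3) and all fingerprints are constructed assumptions; the model ignores gpg's path-length limit and per-signature trust signatures.

```rust
use std::collections::{BTreeSet, HashMap};

// Ownertrust values from `gpg --export-ownertrust` (2 undefined, 3 never, 4 marginal, 5 full, 6 ultimate).
const MARGINAL: u8 = 4; const FULL: u8 = 5; const ULTIMATE: u8 = 6;

/// Parse `<fingerprint>:<trust>:` lines, skipping blanks and `#` comments.
pub fn parse_ownertrust(text: &str) -> HashMap<String, u8> {
    text.lines().map(str::trim)
        .filter(|l| !l.is_empty() && !l.starts_with('#'))
        .filter_map(|l| {
            let mut f = l.split(':');
            Some((f.next()?.to_string(), f.next()?.parse::<u8>().ok()?))
        }).collect()
}

/// Simplified GnuPG trust model, run to a fixpoint: ultimately trusted keys are valid; another key
/// becomes valid once certified by a valid full/ultimate key or by `marginals_needed` valid marginal keys.
pub fn valid_keys(ot: &HashMap<String, u8>, certs: &[(&str, &str)], marginals_needed: usize) -> BTreeSet<String> {
    let mut valid: BTreeSet<String> =
        ot.iter().filter(|(_, t)| **t == ULTIMATE).map(|(f, _)| f.clone()).collect();
    loop {
        let mut changed = false;
        for &(_, target) in certs {
            if valid.contains(target) { continue; }
            let (mut full, mut marginal) = (0, 0);
            for &(issuer, _) in certs.iter().filter(|(_, t)| *t == target) {
                match ot.get(issuer).copied().filter(|_| valid.contains(issuer)) {
                    Some(FULL) | Some(ULTIMATE) => full += 1,
                    Some(MARGINAL) => marginal += 1,
                    _ => {} // issuer not valid, undefined, never, or has no entry: no weight
                }
            }
            if full >= 1 || marginal >= marginals_needed { changed |= valid.insert(target.to_string()); }
        }
        if !changed { return valid; }
    }
}

/// The roots gpg would use: every valid key with at least marginal ownertrust.
pub fn trusted_roots(ot: &HashMap<String, u8>, certs: &[(&str, &str)], n: usize) -> BTreeSet<String> {
    valid_keys(ot, certs, n).into_iter().filter(|f| ot.get(f).map_or(false, |&t| t >= MARGINAL)).collect()
}
// Constructed sample (not real fingerprints): A ultimate, B full, C/D/E marginal, F never.
pub const SAMPLE_OWNERTRUST: &str =
    "# constructed\nAAAA0001:6:\nBBBB0002:5:\nCCCC0003:4:\nDDDD0004:4:\nEEEE0005:4:\nFFFF0006:3:\n";
pub const SAMPLE_CERTS: &[(&str, &str)] = &[ // constructed (issuer, certified key) pairs
    ("AAAA0001", "BBBB0002"), ("AAAA0001", "FFFF0006"), ("BBBB0002", "CCCC0003"),
    ("BBBB0002", "DDDD0004"), ("BBBB0002", "EEEE0005"), ("CCCC0003", "1111000A"),
    ("DDDD0004", "1111000A"), ("EEEE0005", "1111000A"), ("FFFF0006", "2222000B"),
];
```

With the sample, `1111000A` becomes valid only because three valid marginal keys certify it, and `2222000B` never does because its only certifier has ownertrust "never".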