diff options
author | Joey Hess <joeyh@joeyh.name> | 2017-04-29 12:23:29 -0400 |
---|---|---|
committer | Joey Hess <joeyh@joeyh.name> | 2017-04-29 13:07:48 -0400 |
commit | 237b94f6c687675215f78fba28d7e003a2b9ab7d (patch) | |
tree | e4c2c6144e1d5563218b8686cee508146a1370c8 /TODO | |
parent | 46245781f26d49037102a4c74001f47a345fa567 (diff) | |
download | debug-me-237b94f6c687675215f78fba28d7e003a2b9ab7d.tar.gz |
add Gpg web of trust parser
Diffstat (limited to 'TODO')
-rw-r--r-- | TODO | 6 |
1 files changed, 6 insertions, 0 deletions
@@ -1,3 +1,9 @@ +* GPG WoT is checked by querying pgp.cs.uu.nl, could use wotsap if it's + locally installed. However, the version of wotsap in debian only supports + short, insecure keyids, so is less secure than using the server. +* Once we have a WoT path, we could download each gpg key in the path and + verify the path. This would avoid trusting pgp.cs.uu.nl not to be evil. + Not done yet, partly because downloading a lot of gpg keys is expensive. * Multiple --downloads at the same time or close together fail with "thread blocked indefinitely in an STM transaction" Also see it occasionally with --debug. |