I noticed in testing that if you mark a root certificate as trusted in Kleopatra and do not have a trustlist.txt in the GNUPGHOME directory that Kleopatra does not write "include-default" in this trustlist.
This has the ugly side effect that once you mark a certificate as trusted the system wide trustlist.txt is ignored, changing the trust values of existing certificates.
So if the file trustlist.txt in the GNUPGHOME does not exist Kleopatra should add the following header:
# This is the global list of trusted keys. Comment lines, like this # one, as well as empty lines are ignored. Lines have a length limit # but this is not serious limitation as the format of the entries is # fixed and checked by gpg-agent. A non-comment line starts with # optional white space, followed by the SHA-1 fingerpint in hex, # optionally followed by a flag character which my either be 'P', 'S' # or '*'. This file will be read by gpg-agent if no local trustlist # is available or if the statement "include-default" is used in the # local list. You should give the gpg-agent(s) a HUP after editing # this file. # Include the default trust list include-default