`gpg --trust-model always --verify` produces incongruous warning "Using untrusted key!"
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	dkg
	Mar 14 2025, 8:04 PM

Description

I would expect --trust-model always to mean that every key in my keyring is "trusted". But the last line of gpg output seems to contradict that:

$ gpg --homedir g --trust-model always --verify test.msg.sig test.msg
gpg: Signature made Fri 14 Mar 2025 02:00:18 PM EDT
gpg:                using EDDSA key 08E9FF71DEA7111BF836E4CE97D936B918D1B12A
gpg: Good signature from "test key" [unknown]
gpg: WARNING: Using untrusted key!
$

Details

Version: 2.4.7

Event Timeline

dkg created this task.Mar 14 2025, 8:04 PM

This seems to be the case on 2.2.46 as well, fwiw. i don't think it's new in 2.4.7.

This has always been the case. git blame shows for check_signatures_trust:

7250331472 (Repo Admin          2003-06-05  559)   if ( opt.trust_model==TM_ALWAYS )
7250331472 (Repo Admin          2003-06-05  560)     {
7250331472 (Repo Admin          2003-06-05  561)       if( !opt.quiet )
7250331472 (Repo Admin          2003-06-05  562)         log_info(_("WARNING: Using untrusted key!\n"));

It would be surprising to change this after at least 22 years. I have not checked but it is likely that this is even a older than 22 years.

`gpg --trust-model always --verify` produces incongruous warning "Using untrusted key!"Closed, ResolvedPublicActions

Description

Details

Event Timeline

`gpg --trust-model always --verify` produces incongruous warning "Using untrusted key!"
Closed, ResolvedPublic
Actions