don't bypass the web of trust (StackExchange#378)

the choice whether to use a web of trust and on which trust level is up to the user of PGP/GPG and must not be overriden by tools that are set on top users can decide to ignore this safety net by setting their gpg.conf adequately, defining an alias for `gpg --trust-model=always` or passing the env GPG to blackbox in this way but we should not override their preferences hardcoded
Lightning- · Nov 2, 2023 · 8c387ce · 8c387ce
1 parent 0e602cf
commit 8c387ce
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 2 deletions.
diff --git a/bin/_blackbox_common.sh b/bin/_blackbox_common.sh
@@ -253,7 +253,7 @@ function encrypt_file() {
   encrypted="$2"
 
   echo "========== Encrypting: $unencrypted" >&2
-  $GPG --use-agent --yes --trust-model=always --encrypt -o "$encrypted"  $(awk '{ print "-r" $1 }' < "$BB_ADMINS") "$unencrypted" >&2
+  $GPG --use-agent --yes --encrypt -o "$encrypted"  $(awk '{ print "-r" $1 }' < "$BB_ADMINS") "$unencrypted" >&2
   echo '========== Encrypting: DONE' >&2
 }
 

diff --git a/pkg/crypters/gnupg/gnupg.go b/pkg/crypters/gnupg/gnupg.go
@@ -106,7 +106,6 @@ func (crypt CrypterHandle) Encrypt(filename string, umask int, receivers []strin
 	a := []string{
 		"--use-agent",
 		"--yes",
-		"--trust-model=always",
 		"--encrypt",
 		"-o", encrypted,
 	}