
Comments (1)

sihil commented on June 28, 2024

Hmmm. Tricky.

The code you refer to checks for the validity of keys solely in order to provide a more helpful error message than that returned by the GPG library (notably, specifying which of the keys isn't trusted). You can double check, but I'm pretty sure that removing the check will simply replace the error with another more cryptic message directly from the GPG call here (note that we also pass in the always_trust parameter to this call): https://github.com/sihil/hiera-eyaml-gpg/blob/master/lib/hiera/backend/eyaml/encryptors/gpg.rb#L141

It might be that GPGME::VALIDITY_FULL is too high and the latter call would pass with lower validity levels. However, fundamentally all I'm doing in this code is wrapping the existing behaviour of GPG which is tripping you up here due to GPG being designed only for human->human communication and not really designed for communication with machines - in which I agree the human->human web of trust

GPG does have separate concepts of trust and validity. The former being the level of trust in the owner of a key and the latter being the confidence in a given encryption or signing key. I haven't used it enough, but it might be possible that there are ways of saying a key is valid without trusting it.

One alternative is to have a whitelist of valid keys that are not validity checked. Any key not on the whitelist is checked by the code that is there and we always pass in always_trust=true to the main GPG call.

If you can build the model you are after with the GPG CLI then I'm happy to tweak the implementation or accept a PR. However, I have a hunch that you are trying to change how the GPG library works.

from hiera-eyaml-gpg.
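A sketch of the whitelist alternative described in the comment above, as an added example that is not from the comment or from hiera-eyaml-gpg. The `Key` struct, method names, and sample keys are hypothetical stand-ins so it runs without the gpgme gem; it assumes allowlist entries are full 40-hex-digit (v4) fingerprints and keeps the error that names which keys failed.

```ruby
# Validity levels in the numeric order GPGME uses (GPGME::VALIDITY_FULL is 4).
# Redefined locally (assumption) so the example has no gem dependency.
VALIDITY = { unknown: 0, undefined: 1, never: 2, marginal: 3, full: 4, ultimate: 5 }.freeze

# Hypothetical stand-in for a GPGME key: only the fields this check needs.
Key = Struct.new(:fingerprint, :uid, :validity)

class UntrustedKeysError < StandardError; end

FULL_FPR = /\A\h{40}\z/ # full v4 fingerprint; short key IDs are rejected

def normalise(fpr)
  fpr.to_s.delete(" ").upcase
end

# Keys that are neither on the allowlist nor at least min_validity.
def untrusted_keys(keys, allowlist, min_validity: VALIDITY[:full])
  allowed = allowlist.map { |f| normalise(f) }
  short = allowed.reject { |f| f.match?(FULL_FPR) }
  unless short.empty?
    raise ArgumentError, "allowlist needs full fingerprints: #{short.join(', ')}"
  end
  keys.reject do |k|
    allowed.include?(normalise(k.fingerprint)) || k.validity >= min_validity
  end
end

# Raise one error naming every recipient key that failed both checks.
def check_recipients!(keys, allowlist)
  bad = untrusted_keys(keys, allowlist)
  return true if bad.empty?
  names = bad.map { |k| "#{k.uid} (#{k.fingerprint})" }.join(", ")
  raise UntrustedKeysError, "not allowlisted and validity below full: #{names}"
end

# Constructed sample data, not real keys.
SAMPLE_KEYS = [
  Key.new("A" * 40, "puppetmaster@example.invalid", VALIDITY[:unknown]),
  Key.new("B" * 40, "alice@example.invalid", VALIDITY[:full]),
  Key.new("C" * 40, "bob@example.invalid", VALIDITY[:marginal])
].freeze
SAMPLE_ALLOWLIST = [("aaaa " * 10).strip].freeze # same key as the first, spaced form

if __FILE__ == $PROGRAM_NAME
  puts untrusted_keys(SAMPLE_KEYS, SAMPLE_ALLOWLIST).map(&:uid).inspect
end
```

Only after this check passes would the encrypt call be made with always_trust set, as the comment proposes.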
