diff --git a/nix/homeModules/common/gpg.nix b/nix/homeModules/common/gpg.nix
index 23586a28..2d969411 100644
--- a/nix/homeModules/common/gpg.nix
+++ b/nix/homeModules/common/gpg.nix
@@ -5,13 +5,17 @@
 gpg-agent.pinentry.package = pkgs.pinentry-tty;
 };
 
+ # Fun video btw
+ # https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i
 programs.gpg.publicKeys =
 let
 fromUrl =
 {
 url,
 hash,
- trust ? 5,
+ # https://security.stackexchange.com/a/69089
+ # One lower than ultimate (introducer in the web of trust) is good enough.
+ trust ? 4,
 }:
 {
 source = pkgs.fetchurl { inherit url hash; };
@@ -27,6 +31,7 @@
 {
 user = "leana8959";
 hash = "sha256-Y+v/8bLkyUIe4vjToChQP3ChPxRV/DqI72OTsx6F0oo=";
+ trust = 5;
 }
 {
 user = "vanilla-extracts";
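Review bot: In the first hunk (`@@ -5,13 +5,17 @@`), the new default `trust ? 4,` in `fromUrl` still makes every fetched key a fully trusted introducer, and the comment above it does not say what that implies. Owner trust controls how certifications made by a key are weighed, not whether the key itself is valid. So at level 4 GnuPG will accept any key these owners certify, while their own keys stay unvalidated unless a key with ultimate trust has signed them. If the aim is only to verify these people's signatures, a lower default with per-key opt-in is tighter, e.g. `trust ? "marginal",`; home-manager also accepts the named levels, so `"full"` would read better than a bare `4`. The body of `fromUrl` continues outside the hunk, so how `trust` is passed on to `publicKeys` is not visible here.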
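Review bot: In the second hunk (`@@ -27,6 +31,7 @@`), `trust = 5;` on the `leana8959` entry gives ultimate trust to whatever `pkgs.fetchurl` returns, and the `hash` line is the only thing binding that trust to a specific key. A comment on the entry would make that explicit for whoever next refreshes the hash, for example `# own key, ultimate trust: compare the fingerprint with the local secret key before changing this hash`. The list this entry belongs to starts and ends outside the hunk.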