From fd5e0464062290d60e83473d72a4849b981fd277 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9ana=20=E6=B1=9F?=
Date: Sat, 17 Jan 2026 21:52:45 +0100
Subject: [PATCH] home/gpg: reduce trust of other people
---
 nix/homeModules/common/gpg.nix | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/nix/homeModules/common/gpg.nix b/nix/homeModules/common/gpg.nix
index 23586a28..2d969411 100644
--- a/nix/homeModules/common/gpg.nix
+++ b/nix/homeModules/common/gpg.nix
@@ -5,13 +5,17 @@
 gpg-agent.pinentry.package = pkgs.pinentry-tty;
 };
+ # Fun video btw
+ # https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i
 programs.gpg.publicKeys =
 let
 fromUrl =
 {
 url,
 hash,
- trust ? 5,
+ # https://security.stackexchange.com/a/69089
+ # One lower than ultimate (introducer in the web of trust) is good enough.
+ trust ? 4,
 }:
 {
 source = pkgs.fetchurl { inherit url hash; };
@@ -27,6 +31,7 @@
 {
 user = "leana8959";
 hash = "sha256-Y+v/8bLkyUIe4vjToChQP3ChPxRV/DqI72OTsx6F0oo=";
+ trust = 5;
 }
 {
 user = "vanilla-extracts";
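Review bot: The new default `trust ? 4` in `fromUrl` still gives full owner trust to every key that does not override it, and under GnuPG's default trust model one certification from a fully trusted key is enough to make a third-party key valid, so each listed contact can still introduce keys into this keyring. If that introducer role is not intended for everyone, a least-privilege default would be marginal or no owner trust, with `full` granted per entry the way the second hunk sets `trust = 5;` for `leana8959`. Owner trust is also separate from key validity: unlike ultimate, level 4 does not by itself mark the imported key as valid, so verifying these contacts' signatures may start to warn unless their keys carry a certification from the ultimately trusted key. The symbolic values the home-manager option accepts would document the intent better than bare numbers, e.g. `trust ? "full",` and `trust = "ultimate";`. The `fromUrl` body and the key list continue outside both hunks.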