BUG: Web of trust circumvention by secret key distribution
rodney at tillerman.to
Thu Dec 7 08:28:11 CET 2000
-----BEGIN PGP SIGNED MESSAGE-----
no. NAI PGP does that, and they end up with a user interface
which causes you to treat all keys as "untrusted" unless you've
signed them yourself.
Please, GPG's UI is nasty enough, let's not make it even harder to use.
At 01:59 AM 12/7/00 -0800, L. Sassaman wrote:
>Actually, a simpler solution would be to require that the user set the
>implicit ultimate trust on the secret key manually, correct?
>On 7 Dec 2000, Florian Weimer wrote:
> > This is just some more stuff from the 'cracking GnuPG by cheating'
> > department.
> > GnuPG accepts secret keys from key servers.
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0
-----END PGP SIGNATURE-----
More information about the Gnupg-devel