[git] GnuPG - branch, master, updated. gnupg-2.1.23-5-ge6f8411
by Daniel Kahn Gillmor
cvs at cvs.gnupg.org
Fri Aug 11 15:44:32 CEST 2017
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".
The branch, master has been updated
via e6f84116abca2ed49bf14b2e28c3c811a3717227 (commit)
from 2d6832aa83ebdf3fe422c7c7d5411d1b44a6ac34 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit e6f84116abca2ed49bf14b2e28c3c811a3717227
Author: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
Date: Fri Aug 11 02:26:52 2017 -0400
gpg: default to --no-auto-key-retrieve.
* g10/gpg.c (main): remove KEYSERVER_AUTO_KEY_RETRIEVE from the
default keyserver options.
* doc/gpg.texi: document this change.
--
This is a partial reversion of
7e1fe791d188b078398bf83c9af992cb1bd2a4b3. Werner and i discussed it
earlier today, and came to the conclusion that:
* the risk of metadata leakage represented by a default
--auto-key-retrieve, both in e-mail (as a "web bug") and in other
contexts where GnuPG is used to verified signatures, is quite high.
* the advantages of --auto-key-retrieve (in terms of signature
verification) can sometimes be achieved in other ways, such as when
a signed message includes a copy of its own key.
* when those other ways are not useful, a graphical, user-facing
application can still offer the user the opportunity to choose to
fetch the key; or it can apply its own policy about when to set
--auto-key-retrieve, without needing to affect the defaults.
Note that --auto-key-retrieve is specifically about signature
verification. Decisions about how and whether to look up a key during
message encryption are governed by --auto-key-locate. This change
does not touch the --auto-key-locate default of "local,wkd". The user
deliberately asking gpg to encrypt to an e-mail address is a different
scenario than having an incoming e-mail trigger a potentially unique
network request.
Signed-off-by: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
diff --git a/doc/gpg.texi b/doc/gpg.texi
index c71126a..b6a9b2d 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1792,7 +1792,7 @@ list. The default is "local,wkd".
@opindex no-auto-key-retrieve
These options enable or disable the automatic retrieving of keys from
a keyserver when verifying signatures made by keys that are not on the
-local keyring. The default is @option{--auto-key-retrieve}.
+local keyring. The default is @option{--no-auto-key-retrieve}.
If the method "wkd" is included in the list of methods given to
@option{auto-key-locate}, the signer's user ID is part of the
diff --git a/g10/gpg.c b/g10/gpg.c
index c721cdc..c9fa7ae 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -2366,8 +2366,7 @@ main (int argc, char **argv)
opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS
| IMPORT_REPAIR_PKS_SUBKEY_BUG);
opt.keyserver_options.export_options = EXPORT_ATTRIBUTES;
- opt.keyserver_options.options = (KEYSERVER_HONOR_PKA_RECORD
- | KEYSERVER_AUTO_KEY_RETRIEVE);
+ opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD;
opt.verify_options = (LIST_SHOW_UID_VALIDITY
| VERIFY_SHOW_POLICY_URLS
| VERIFY_SHOW_STD_NOTATIONS
-----------------------------------------------------------------------
Summary of changes:
doc/gpg.texi | 2 +-
g10/gpg.c | 3 +--
2 files changed, 2 insertions(+), 3 deletions(-)
hooks/post-receive
--
The GNU Privacy Guard
http://git.gnupg.org
More information about the Gnupg-commits
mailing list