BUG: Web of trust circumvention by secret key distribution
Werner Koch
wk at gnupg.org
Thu Dec 7 11:47:28 CET 2000
On Thu, 7 Dec 2000, Florian Weimer wrote:
> GnuPG accepts secret keys from key servers. This means that a secret
> key can be added to the secret key ring without user intervention,
> making the corresponding public key ultimately trusted and thus
Agreed.
> A similiar problem exists with "--import". IMHO, a separate
> "--import-secret-key" option is needed, and secret keys downloaded
The new option is called --allow-secret-key-import and works for all
import sources. Implementing a --import-secret-key (which might
imply that public keys are not imported) is diddicult, so we us
this option.
Should show up on CVS RSN.
Werner
More information about the Gnupg-devel
mailing list