BUG: Web of trust circumvention by secret key distribution

Werner Koch wk at gnupg.org
Thu Dec 7 11:47:28 CET 2000

On Thu, 7 Dec 2000, Florian Weimer wrote:

> GnuPG accepts secret keys from key servers.  This means that a secret
> key can be added to the secret key ring without user intervention,
> making the corresponding public key ultimately trusted and thus


> A similiar problem exists with "--import".  IMHO, a separate
> "--import-secret-key" option is needed, and secret keys downloaded

The new option is called --allow-secret-key-import and works for all
import sources.  Implementing a --import-secret-key (which might
imply that public keys are not imported) is diddicult, so we us
this option.

Should show up on CVS RSN.


More information about the Gnupg-devel mailing list