BUG: Web of trust circumvention by secret key distribution

Werner Koch wk at gnupg.org
Thu Dec 7 18:37:42 CET 2000

On Thu, 7 Dec 2000, Rodney Thayer wrote:

> no.  NAI PGP does that, and they end up with a user interface
> which causes you to treat all keys as "untrusted" unless you've
> signed them yourself.

However, signing the secret key does not help much because this would 
also need to drop all signatures from secret keys during import.

Ex-/importing secret keys is something you do only in very rare
case, so having to add an option to do this is not that bad.


More information about the Gnupg-devel mailing list