BUG: Web of trust circumvention by secret key distribution
wk at gnupg.org
Thu Dec 7 18:37:42 CET 2000
On Thu, 7 Dec 2000, Rodney Thayer wrote:
> no. NAI PGP does that, and they end up with a user interface
> which causes you to treat all keys as "untrusted" unless you've
> signed them yourself.
However, signing the secret key does not help much because this would
also need to drop all signatures from secret keys during import.
Ex-/importing secret keys is something you do only in very rare
case, so having to add an option to do this is not that bad.
More information about the Gnupg-devel