GnuPG defaults: changing back to --no-auto-key-retrieve

Patrick Brunschwig patrick at
Sat Aug 12 12:17:48 CEST 2017

On 12.08.17 01:53, Daniel Kahn Gillmor wrote:
> hey folks--
>
> Werner and i spoke yesterday about the choice of defaults for
> auto-key-retrieve and auto-key-locate, which were updated in 2.1.23.
>
> Summary
> -------
>
> GnuPG will revert the default of -retrieve for now so that the default
> is --no-auto-key-retrieve.  The default for --auto-key-locate will
> remain as local,wkd.
>
> I pushed this change to upstream in commit
>, and it
> will be in the next released version.  I also just pushed 2.1.23-1 to
> debian unstable, with a patch that includes this change.
>
> What follows is my own notes from the discussion, i hope Werner will
> chime in if his recollection is different.

Thanks Daniel! I fully agree with your remarks. I'd like to add that
immediately after I read the release announcement - because I had the
same concerns that you raised here - I implemented functionality in
Enigmail to add --no-auto-key-retrieve to all commands if gpg 2.1.23 or
newer is detected (and the user did not explicitly opt in to

