[Announce] new gnupg snapshot

Frank Tobin ftobin@uiuc.edu
Sat Apr 7 00:58:01 2001

Andrew McDonald, at 20:33 +0100 on Fri, 6 Apr 2001, wrote:

    IIRC, if you have a secret key it is ultimately trusted by default.
    Persuading you to import a secret key could, therefore, subvert your
    web of trust.

There are two issues here:

1) importing trust
2) importing a secret key

Your arguments seem to state that importing a secret key implies importing
trust.  Why would GnuPG _ever_ import trust without direct user knowledge?

I'm not clearly seeing why importing a secret key, alone, is any threat.

Frank Tobin		http://www.uiuc.edu/~ftobin/