[Announce] new gnupg snapshot
Sat Apr 7 15:58:10 2001
RJ Marquette <email@example.com> wrote:
> On Sat, 7 Apr 2001, Stefan Bellon wrote:
> > So, I don't see any problem here. New users just _try_ things. So
> > they'll try to import as usual and then come across this message.
> > Not even a need to consult a man page, methinks.
> Still, I forsee a FAQ on this.
Could be, yes.
> Also, I'm not clear on how using this option prevents the attack. So,
> instead of doing it in one step, I do it in two... RJ <G> :)
Well, it can't happen without the user noticing it anymore. Till now
you could import a bunch of public keys and this didn't prevent
importing of a secret key hidden amongst them. Now you see that there's
somebody trying to feed you with a secret key. You can of course import
it (in a second go with the --allow-secret-key-import switch), but it
doesn't work without you noticing it.
Stefan Bellon * <mailto:firstname.lastname@example.org> * <http://www.sbellon.de/>
PGP 2.6 and GnuPG (OpenPGP) keys available from my home page
Never get between a programmer and the coffee machine