Despite "no-include-revoked" revoked still included

David Shaw
Tue Dec 10 14:32:02 2002

On Tue, Dec 10, 2002 at 10:16:36AM -0000, Dick Gevers wrote:

> A small question: my gpg.conf includes the following line:
> quote
> keyserver-options keep-temp-files verbose no-include-revoked no-
> include-disabled
> unquote (all on 1 line),
> as well as:
> keyserver ldap://
> but nevertheless if I do a:
> gpg --recv-keys KEYID, 
> the revoked keys of KEYID are still imported into my pubring.
> Could someone explain why the revoked keys are included in the 
> import anyway?

no-include-revoked and no-include-disabled only apply to
--search-keys.  This is for various security reasons, most notably if
you are doing automated key fetches (say, to verify the validity of a
possibly revoked key), you want the key even if it is disabled or


   David Shaw  |  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson