Despite "no-include-revoked" revoked still included
David Shaw
dshaw@jabberwocky.com
Tue Dec 10 14:32:02 2002
On Tue, Dec 10, 2002 at 10:16:36AM -0000, Dick Gevers wrote:
> A small question: my gpg.conf includes the following line:
> quote
> keyserver-options keep-temp-files verbose no-include-revoked no-include-disabled
> unquote (all on 1 line),
>
> as well as:
> keyserver ldap://pgp.surfnet.nl:11370
>
> but nevertheless if I do a:
> gpg --recv-keys KEYID,
> the revoked keys of KEYID are still imported into my pubring.
> Could someone explain why the revoked keys are included in the
> import anyway?
no-include-revoked and no-include-disabled only apply to
--search-keys. This is for various security reasons, most notably if
you are doing automated key fetches (say, to verify the validity of a
possibly revoked key), you want the key even if it is disabled or
revoked.
David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
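
Added example, not part of the original thread: because `--recv-keys` imports revoked and disabled keys, an automated fetch has to check the key's status itself after import. The sketch below reads `gpg --with-colons` output and classifies one key; the function names, key IDs and sample listing are constructed for illustration, and it assumes the documented colon layout (field 2 validity, field 5 key ID, field 12 capabilities).

```shell
#!/bin/sh
# Classify a key from `gpg --with-colons` output after an automated fetch.
# Colon format: field 1 = record type, field 2 = validity
# ("r" revoked, "e" expired, "d" disabled in older releases),
# field 5 = long key ID, field 12 = capabilities ("D" = disabled).

# Constructed sample listing (not real keys), so the example runs offline.
SAMPLE_LISTING='pub:r:1024:17:AAAAAAAAAAAAAAAA:1000000000:::-:::sc:
uid:r::::1000000000::::Constructed Revoked <revoked@example.invalid>:
pub:-:1024:17:BBBBBBBBBBBBBBBB:1000000000:::-:::scESC:
uid:-::::1000000000::::Constructed Usable <usable@example.invalid>:
pub:-:2048:1:CCCCCCCCCCCCCCCC:1000000000:::-:::scESCD:
uid:-::::1000000000::::Constructed Disabled <disabled@example.invalid>:'

# key_status KEYID  (colon listing on stdin)
# prints: revoked | disabled | expired | usable | missing
key_status() {
    awk -F: -v want="$1" '
        $1 == "pub" && $5 == want {
            found = 1
            if ($2 == "r")                   print "revoked"
            else if ($2 == "d" || $12 ~ /D/) print "disabled"
            else if ($2 == "e")              print "expired"
            else                             print "usable"
            exit
        }
        END { if (!found) print "missing" }
    '
}

# require_usable KEYID  (colon listing on stdin)
# succeeds only when the key is present and not revoked/disabled/expired.
require_usable() {
    status=$(key_status "$1")
    [ "$status" = "usable" ]
}

# Demo over the constructed listing. Against a real keyring the input
# would come from: gpg --list-keys --with-colons KEYID
for id in AAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBB CCCCCCCCCCCCCCCC; do
    printf '%s %s\n' "$id" "$(printf '%s\n' "$SAMPLE_LISTING" | key_status "$id")"
done
```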