A bug in version 1.2.1?

Alexandros Papadopoulos apapadop@cmu.edu
Wed Dec 11 17:59:02 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wednesday 11 December 2002 09:12, Werner Koch wrote:
> On Wed, 11 Dec 2002 08:08:12 -0500, David Shaw said:
> >> There may be warnings ("You have no trustpath to this key that
> >> indicates its validity. Use anyway? [[cancel]] [OK]") or a pref to
> >> switch this off.
> >
> > This is much better of course.
>
> Given the habit of many users to hit OK without thinking, the current
> way is safer; it forces the user to think about what he is going to
> do (while doing an lsign).
>

I agree. Allowing encryption to a key without any user verification=20
whatsoever (fingerprint, at the very least?), is bad and causes=20
brain-dead use of gpg. In no time this reaches the point of users=20
relying on their MUA to verify their keys for them, and bitching when=20
they realize it won't.

- -A
- --=20
http://andrew.cmu.edu/~apapadop/pub_key.asc
3DAD 8435 DB52 F17B 640F  D78C 8260 0CC1 0B75 8265
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE9928AgmAMwQt1gmURAiQiAJ49b/xntaH7sx4/hIBlZd1+7gdUOwCfWMwS
toNjMEcNC0TAnKiTBYIDzUs=3D
=3DlqyS
-----END PGP SIGNATURE-----