| blob | 526a3ff27900d647d0e2b0434a19496500cdeaba |
1 From 1690a464b28fa24ce82189a9bf5d7ce9b44804b8 Mon Sep 17 00:00:00 2001
2 From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
3 Date: Mon, 15 Jul 2019 16:24:35 -0400
4 Subject: [PATCH 3/7] gpg: drop import-clean from default keyserver import
5 options
7 * g10/gpg.c (main): drop IMPORT_CLEAN from the
8 default opt.keyserver_options.import_options
9 * doc/gpg.texi: reflect this change in the documentation
11 Given that SELF_SIGS_ONLY is already set, it's not clear what
12 additional benefit IMPORT_CLEAN provides. Furthermore, IMPORT_CLEAN
13 means that receiving an OpenPGP certificate from a keyserver will
14 potentially delete data that is otherwise held in the local keyring,
15 which is surprising to users who expect retrieval from the keyservers
16 to be purely additive.
18 GnuPG-Bug-Id: 4628
19 Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
20 ---
21 doc/gpg.texi | 2 +-
22 g10/gpg.c | 3 +--
23 2 files changed, 2 insertions(+), 3 deletions(-)
25 diff --git a/doc/gpg.texi b/doc/gpg.texi
26 index 4870441d4..551459a74 100644
27 --- a/doc/gpg.texi
28 +++ b/doc/gpg.texi
29 @@ -1963,7 +1963,7 @@ are available for all keyserver types, some common options are:
31 @end table
33 -The default list of options is: "self-sigs-only, import-clean,
34 +The default list of options is: "self-sigs-only,
35 repair-keys, repair-pks-subkey-bug, export-attributes,
36 honor-pka-record".
38 diff --git a/g10/gpg.c b/g10/gpg.c
39 index 68cc22041..fa2bcfa5e 100644
40 --- a/g10/gpg.c
41 +++ b/g10/gpg.c
42 @@ -2397,8 +2397,7 @@ main (int argc, char **argv)
43 opt.export_options = EXPORT_ATTRIBUTES;
44 opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS
45 | IMPORT_REPAIR_PKS_SUBKEY_BUG
46 - | IMPORT_SELF_SIGS_ONLY
47 - | IMPORT_CLEAN);
48 + | IMPORT_SELF_SIGS_ONLY);
49 opt.keyserver_options.export_options = EXPORT_ATTRIBUTES;
50 opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD;
51 opt.verify_options = (LIST_SHOW_UID_VALIDITY
52 --
53 2.27.0