From: Daniel Kahn Gillmor Date: Mon, 15 Jul 2019 20:24:35 +0000 (-0400) Subject: gpg: drop import-clean from default keyserver import options X-Git-Tag: archive/raspbian/2.2.12-1+rpi1+deb10u2^2~6 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=0fbe07c1d84cd436c4168ed1efa53621ae4ed35b;p=gnupg2.git gpg: drop import-clean from default keyserver import options * g10/gpg.c (main): drop IMPORT_CLEAN from the default opt.keyserver_options.import_options * doc/gpg.texi: reflect this change in the documentation Given that SELF_SIGS_ONLY is already set, it's not clear what additional benefit IMPORT_CLEAN provides. Furthermore, IMPORT_CLEAN means that receiving an OpenPGP certificate from a keyserver will potentially delete data that is otherwise held in the local keyring, which is surprising to users who expect retrieval from the keyservers to be purely additive. GnuPG-Bug-Id: 4628 Signed-off-by: Daniel Kahn Gillmor (cherry picked from commit 84bce011aaa2db19f10c1f763110e840c7b7019f) Gbp-Pq: Topic keyserver-cleanup Gbp-Pq: Name gpg-drop-import-clean-from-default-keyserver-import-optio.patch --- diff --git a/doc/gpg.texi b/doc/gpg.texi index c8fb241..0f13589 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -1907,7 +1907,7 @@ are available for all keyserver types, some common options are: @end table -The default list of options is: "self-sigs-only, import-clean, +The default list of options is: "self-sigs-only, repair-keys, repair-pks-subkey-bug, export-attributes, honor-pka-record". diff --git a/g10/gpg.c b/g10/gpg.c index 6e5e901..f05a493 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -2374,8 +2374,7 @@ main (int argc, char **argv) opt.export_options = EXPORT_ATTRIBUTES; opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS | IMPORT_REPAIR_PKS_SUBKEY_BUG - | IMPORT_SELF_SIGS_ONLY - | IMPORT_CLEAN); + | IMPORT_SELF_SIGS_ONLY); opt.keyserver_options.export_options = EXPORT_ATTRIBUTES; opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD; opt.verify_options = (LIST_SHOW_UID_VALIDITY