From 727fe4f8d7d5fc3eac0b0aa6fafa4a314686d7dc Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Tue, 21 Apr 2015 15:46:13 +0200
Subject: gpg: Do not use honor-keyserver-url sub-option by default.
---
 doc/gpg.texi | 6 ++++--
 g10/gpg.c | 3 +--
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 899c6b8d2..2e7230982 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1586,12 +1586,14 @@ are available for all keyserver types, some common options are: keyserver URL, then use that preferred keyserver to refresh the key from. In addition, if auto-key-retrieve is set, and the signature being verified has a preferred keyserver URL, then use that preferred - keyserver to fetch the key from. Defaults to yes. + keyserver to fetch the key from. Note that this option introduces a + "web bug": The creator of the key can see when the keys is + refreshed. Thus this option is not enabled by default. @item honor-pka-record If auto-key-retrieve is set, and the signature being verified has a PKA record, then use the PKA information to fetch the key. Defaults - to yes. + to "yes". @item include-subkeys When receiving a key, include subkeys as potential targets. Note that
diff --git a/g10/gpg.c b/g10/gpg.c
index aec6e808e..13d688483 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -2128,8 +2128,7 @@ main (int argc, char **argv)
 opt.export_options = EXPORT_ATTRIBUTES;
 opt.keyserver_options.import_options = IMPORT_REPAIR_PKS_SUBKEY_BUG;
 opt.keyserver_options.export_options = EXPORT_ATTRIBUTES;
- opt.keyserver_options.options = (KEYSERVER_HONOR_KEYSERVER_URL
- | KEYSERVER_HONOR_PKA_RECORD );
+ opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD;
 opt.verify_options = (LIST_SHOW_UID_VALIDITY
 | VERIFY_SHOW_POLICY_URLS
 | VERIFY_SHOW_STD_NOTATIONS
--
cgit v1.2.3
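Review bot: The new default `opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD;` in main() has no comment recording why KEYSERVER_HONOR_KEYSERVER_URL is deliberately left out, so a later cleanup could restore it without seeing the privacy reason that this patch gives only in doc/gpg.texi. I would add above the assignment `/* KEYSERVER_HONOR_KEYSERVER_URL is off by default: a preferred keyserver URL lets the key's creator see when the key is refreshed. */`. KEYSERVER_HONOR_PKA_RECORD stays in the default set and, per the documentation text in this patch, also makes gpg fetch a key using information taken from the signature when auto-key-retrieve is set; whether that carries a comparable exposure is not visible from this hunk and may deserve the same look. Users who relied on the old default must now set the sub-option explicitly, and the diffstat shows no release-note file touched. main() begins and ends outside the hunk.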