From ab59f621d608ef6f3bb0669288ec56cd73f5c7ca Mon Sep 17 00:00:00 2001
From: David Shaw <dshaw@jabberwocky.com>
Date: Sun, 5 May 2002 12:45:54 +0000
Subject: * keyserver.c (keyserver_refresh): --refresh-keys implies
 --merge-only so as not to import keys with keyids that match the ones being
 refreshed. Noted by Florian Weimer.

---
 g10/ChangeLog   | 6 ++++++
 g10/keyserver.c | 5 +++++
 2 files changed, 11 insertions(+)

diff --git a/g10/ChangeLog b/g10/ChangeLog
index 7cb0532cb..2dafe2d15 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,9 @@
+2002-05-05  David Shaw  <dshaw@jabberwocky.com>
+
+	* keyserver.c (keyserver_refresh): --refresh-keys implies
+	--merge-only so as not to import keys with keyids that match the
+	ones being refreshed.  Noted by Florian Weimer.
+
 2002-05-04  Stefan Bellon  <sbellon@sbellon.de>
 
 	* free-packet.c (copy_public_key): Don't call m_alloc(0), therefore
diff --git a/g10/keyserver.c b/g10/keyserver.c
index 013ee56fc..6515c2958 100644
--- a/g10/keyserver.c
+++ b/g10/keyserver.c
@@ -838,6 +838,11 @@ keyserver_refresh(STRLIST users)
   int rc,count,fakev3=0;
   KEYDB_SEARCH_DESC *desc;
 
+  /* We switch merge_only on during a refresh, as 'refresh' should
+     never import new keys, even if their keyids match.  Is it worth
+     preserving the old merge_only value here? */
+  opt.merge_only=1;
+
   /* If refresh_add_fake_v3_keyids is on and it's a HKP or MAILTO
      scheme, then enable fake v3 keyid generation. */
   if(opt.keyserver_options.refresh_add_fake_v3_keyids &&
-- 
cgit v1.2.3