diff options
| author | Werner Koch <[email protected]> | 2016-06-13 09:32:38 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2016-06-13 09:32:38 +0000 |
| commit | 9e126af215143fddbdc3949681abb9ffdb9153bb (patch) | |
| tree | 2d82194544dec75d54f5632ee99e3c8847273eda | |
| parent | gpg: New option --disable-signer-uid, create Signer's UID sub-packet. (diff) | |
| download | gnupg-9e126af215143fddbdc3949681abb9ffdb9153bb.tar.gz gnupg-9e126af215143fddbdc3949681abb9ffdb9153bb.zip | |
gpg: Un-deprecate option --auto-key-retrieve.
* g10/gpg.c (main): Remove deprecation warning.
--
Most options for the keyserver have been moved to dirmngr and thus it
does not make sense to favor "--keyserver-options auto-key-retrieve"
over the direct options --auto-key-retrieve and --no-auto-key-retrieve.
Signed-off-by: Werner Koch <[email protected]>
| -rw-r--r-- | doc/gpg.texi | 46 | ||||
| -rw-r--r-- | g10/gpg.c | 6 |
2 files changed, 27 insertions, 25 deletions
diff --git a/doc/gpg.texi b/doc/gpg.texi index 182abb105..0f5a18182 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -1292,8 +1292,8 @@ the opposite meaning. The options are: Enable PKA lookups to verify sender addresses. Note that PKA is based on DNS, and so enabling this option may disclose information on when and what signatures are verified or to whom data is encrypted. This - is similar to the "web bug" described for the auto-key-retrieve - feature. + is similar to the "web bug" described for the @option{--auto-key-retrieve} + option. @item pka-trust-increase @opindex verify-options:pka-trust-increase @@ -1680,6 +1680,26 @@ mechanisms, in the order they are to be tried: @end table +@item --auto-key-retrieve +@itemx --no-auto-key-retrieve +@opindex auto-key-retrieve +@opindex no-auto-key-retrieve +This option enables the automatic retrieving of keys from a keyserver +when verifying signatures made by keys that are not on the local +keyring. + +If the method "wkd" is included in the list of methods given to +@option{auto-key-locate}, the Signer's User ID is part of the +signature, and the option @option{--disable-signer-uid} is not used, +the "wkd" method may also be used to retrieve a key. + +Note that this option makes a "web bug" like behavior possible. +Keyserver or Web Key Directory operators can see which keys you +request, so by sending you a message signed by a brand new key (which +you naturally will not have on your local keyring), the operator can +tell both your IP address and the time when you verified the +signature. + @item --keyid-format @code{none|short|0xshort|long|0xlong} @opindex keyid-format Select how to display key IDs. "none" does not show the key ID at all @@ -1738,19 +1758,7 @@ are available for all keyserver types, some common options are: used with HKP keyservers. @item auto-key-retrieve - This option enables the automatic retrieving of keys from a keyserver - when verifying signatures made by keys that are not on the local - keyring. If the method "wkd" is included in the list of methods - given to @option{auto-key-locate}, the Signer's User ID is part of - the signature, and the option @option{--disable-signer-uid} is not used, - the "wkd" method may also be used to retrieve a key. - - Note that this option makes a "web bug" like behavior possible. - Keyserver or Web Key Directory operators can see which keys you - request, so by sending you a message signed by a brand new key (which - you naturally will not have on your local keyring), the operator can - tell both your IP address and the time when you verified the - signature. + This is the same as the option @option{auto-key-retrieve}. @item honor-keyserver-url When using @option{--refresh-keys}, if the key in question has a preferred @@ -1762,9 +1770,9 @@ are available for all keyserver types, some common options are: refreshed. Thus this option is not enabled by default. @item honor-pka-record - If auto-key-retrieve is set, and the signature being verified has a - PKA record, then use the PKA information to fetch the key. Defaults - to "yes". + If @option{--auto-key-retrieve} is used, and the signature being + verified has a PKA record, then use the PKA information to fetch + the key. Defaults to "yes". @item include-subkeys When receiving a key, include subkeys as potential targets. Note that @@ -2354,7 +2362,7 @@ By default the user ID of the signing key is embedded in the data signature. As of now this is only done if the signing key has been specified with @option{local-user} using a mail address. This information can be helpful for verifier to locate the key; see -@option{--auto-key-retrieve}. +option @option{--auto-key-retrieve}. @item --personal-cipher-preferences @code{string} @opindex personal-cipher-preferences @@ -3150,12 +3150,6 @@ main (int argc, char **argv) opt.keyserver_options.options|=KEYSERVER_AUTO_KEY_RETRIEVE; else opt.keyserver_options.options&=~KEYSERVER_AUTO_KEY_RETRIEVE; - - deprecated_warning(configname,configlineno, - pargs.r_opt==oAutoKeyRetrieve?"--auto-key-retrieve": - "--no-auto-key-retrieve","--keyserver-options ", - pargs.r_opt==oAutoKeyRetrieve?"auto-key-retrieve": - "no-auto-key-retrieve"); break; case oShowSessionKey: opt.show_session_key = 1; break; case oOverrideSessionKey: |