diff options
Diffstat (limited to '')
| -rw-r--r-- | g10/sig-check.c | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/g10/sig-check.c b/g10/sig-check.c index a444bbfe7..f09711e12 100644 --- a/g10/sig-check.c +++ b/g10/sig-check.c @@ -96,15 +96,17 @@ signature_check2( PKT_signature *sig, MD_HANDLE digest, u32 *r_expiredate, signaures issued by it. */ if(rc==0 && !pk->is_primary && pk->backsig<2) { - /* TODO: In a future version, once enough signing subkeys - have backsigs, change this to always give the warning, - and have --require-backsigs enable or disable the - G10ERR_GENERAL. */ - if(pk->backsig==0 && opt.flags.require_cross_cert) + if(pk->backsig==0) { log_info(_("WARNING: signing subkey %s is not" " cross-certified\n"),keystr_from_pk(pk)); - rc=G10ERR_GENERAL; + log_info(_("please see %s for more information\n"), + "http://www.gnupg.org/subkey-cross-certify.html"); + /* --require-cross-certification makes this warning an + error. TODO: change the default to require this + after more keys have backsigs. */ + if(opt.flags.require_cross_cert) + rc=G10ERR_GENERAL; } else if(pk->backsig==1) { |