summaryrefslogtreecommitdiffstats
path: root/debian/patches/gpg-drop-import-clean-from-default-keyserver-import-optio.patch
blob: 29667b73ef9d9195340c70fdb99bddc4c79afccd (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Mon, 15 Jul 2019 16:24:35 -0400
Subject: gpg: drop import-clean from default keyserver import options

* g10/gpg.c (main): drop IMPORT_CLEAN from the
default opt.keyserver_options.import_options
* doc/gpg.texi: reflect this change in the documentation

Given that SELF_SIGS_ONLY is already set, it's not clear what
additional benefit IMPORT_CLEAN provides.  Furthermore, IMPORT_CLEAN
means that receiving an OpenPGP certificate from a keyserver will
potentially delete data that is otherwise held in the local keyring,
which is surprising to users who expect retrieval from the keyservers
to be purely additive.

GnuPG-Bug-Id: 4628
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
---
 doc/gpg.texi | 2 +-
 g10/gpg.c    | 3 +--
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/doc/gpg.texi b/doc/gpg.texi
index 39c996b..fd0baab 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -2005,7 +2005,7 @@ are available for all keyserver types, some common options are:
 
 @end table
 
-The default list of options is: "self-sigs-only, import-clean,
+The default list of options is: "self-sigs-only,
 repair-keys, repair-pks-subkey-bug, export-attributes,
 honor-pka-record". However, if
 the actual used source is an LDAP server "no-self-sigs-only" is
diff --git a/g10/gpg.c b/g10/gpg.c
index bd65612..d77c757 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -2383,8 +2383,7 @@ main (int argc, char **argv)
     opt.export_options = EXPORT_ATTRIBUTES;
     opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS
 					    | IMPORT_REPAIR_PKS_SUBKEY_BUG
-                                            | IMPORT_SELF_SIGS_ONLY
-                                            | IMPORT_CLEAN);
+                                            | IMPORT_SELF_SIGS_ONLY);
     opt.keyserver_options.export_options = EXPORT_ATTRIBUTES;
     opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD;
     opt.verify_options = (LIST_SHOW_UID_VALIDITY