diff options
| author | Werner Koch <wk@gnupg.org> | 2019-07-04 15:45:39 +0200 |
|---|---|---|
| committer | Werner Koch <wk@gnupg.org> | 2019-07-04 15:45:39 +0200 |
| commit | 23c978640812d123eaffd4108744bdfcf48f7c93 (patch) | |
| tree | 8ead893eb49b6810082d5bf27ae9c4f0e9c31392 /g10 | |
| parent | gpg: Avoid printing false AKL error message. (diff) | |
| download | gnupg2-23c978640812d123eaffd4108744bdfcf48f7c93.tar.xz gnupg2-23c978640812d123eaffd4108744bdfcf48f7c93.zip | |
gpg: Add "self-sigs-only" and "import-clean" to the keyserver options.
* g10/gpg.c (main): Change default.
--
Due to the DoS attack on the keyeservers we do not anymore default to
import key signatures. That makes the keyserver unsuable for getting
keys for the WoT but it still allows to retriev keys - even if that
takes long to download the large keyblocks.
To revert to the old behavior add
keyserver-optiions no-self-sigs-only,no-import-clean
to gpg.conf.
GnuPG-bug-id: 4607
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'g10')
| -rw-r--r-- | g10/gpg.c | 4 |
1 files changed, 3 insertions, 1 deletions
@@ -2424,7 +2424,9 @@ main (int argc, char **argv) opt.import_options = IMPORT_REPAIR_KEYS; opt.export_options = EXPORT_ATTRIBUTES; opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS - | IMPORT_REPAIR_PKS_SUBKEY_BUG); + | IMPORT_REPAIR_PKS_SUBKEY_BUG + | IMPORT_SELF_SIGS_ONLY + | IMPORT_CLEAN); opt.keyserver_options.export_options = EXPORT_ATTRIBUTES; opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD; opt.verify_options = (LIST_SHOW_UID_VALIDITY |