gpg: Add "self-sigs-only" and "import-clean" to the keyserver options.

* g10/gpg.c (main): Change default. -- Due to the DoS attack on the keyeservers we do not anymore default to import key signatures. That makes the keyserver unsuable for getting keys for the WoT but it still allows to retriev keys - even if that takes long to download the large keyblocks. To revert to the old behavior add keyserver-optiions no-self-sigs-only,no-import-clean to gpg.conf. GnuPG-bug-id: 4607 Signed-off-by: Werner Koch <wk@gnupg.org>
2019-07-04 15:45:39 +02:00 · 2019-07-04 15:45:39 +02:00 · 23c9786408
parent 91a6ba3234
commit 23c9786408
2 changed files with 8 additions and 1 deletions
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@ -1917,6 +1917,11 @@ are available for all keyserver types, some common options are:

@end table

+The default list of options is: "self-sigs-only, import-clean,
+repair-keys, repair-pks-subkey-bug, export-attributes,
+honor-pka-record".
+
+
@item --completes-needed @var{n}
@opindex compliant-needed
 Number of completely trusted users to introduce a new
--- a/g10/gpg.c
+++ b/g10/gpg.c
@ -2424,7 +2424,9 @@ main (int argc, char **argv)
    opt.import_options = IMPORT_REPAIR_KEYS;
    opt.export_options = EXPORT_ATTRIBUTES;
    opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS
-					    | IMPORT_REPAIR_PKS_SUBKEY_BUG);
+					    | IMPORT_REPAIR_PKS_SUBKEY_BUG
+                                            | IMPORT_SELF_SIGS_ONLY
+                                            | IMPORT_CLEAN);
    opt.keyserver_options.export_options = EXPORT_ATTRIBUTES;
    opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD;
    opt.verify_options = (LIST_SHOW_UID_VALIDITY