gpg: drop import-clean from default keyserver import options

* g10/gpg.c (main): drop IMPORT_CLEAN from the default opt.keyserver_options.import_options * doc/gpg.texi: reflect this change in the documentation Given that SELF_SIGS_ONLY is already set, it's not clear what additional benefit IMPORT_CLEAN provides. Furthermore, IMPORT_CLEAN means that receiving an OpenPGP certificate from a keyserver will potentially delete data that is otherwise held in the local keyring, which is surprising to users who expect retrieval from the keyservers to be purely additive. GnuPG-Bug-Id: 4628 Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> Gbp-Pq: Name gpg-drop-import-clean-from-default-keyserver-import-optio.patch
2019-07-15 16:24:35 -04:00 · 2019-07-15 16:24:35 -04:00 · 7ca9fa2042
parent 4a72c8e257
commit 7ca9fa2042
2 changed files with 2 additions and 3 deletions
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@ -2119,7 +2119,7 @@ are available for all keyserver types, some common options are:

@end table

-The default list of options is: "self-sigs-only, import-clean,
+The default list of options is: "self-sigs-only,
 repair-keys, repair-pks-subkey-bug, export-attributes". However, if
 the actual used source is an LDAP server "no-self-sigs-only" is
 assumed unless "self-sigs-only" has been explicitly configured.
--- a/g10/gpg.c
+++ b/g10/gpg.c
@ -2468,8 +2468,7 @@ main (int argc, char **argv)
 					    | IMPORT_REPAIR_PKS_SUBKEY_BUG
                                            | IMPORT_SELF_SIGS_ONLY
                                            | IMPORT_COLLAPSE_UIDS
-                                            | IMPORT_COLLAPSE_SUBKEYS
-                                            | IMPORT_CLEAN);
+                                            | IMPORT_COLLAPSE_SUBKEYS);
    opt.keyserver_options.export_options = EXPORT_ATTRIBUTES;
    opt.keyserver_options.options = 0;
    opt.verify_options = (LIST_SHOW_UID_VALIDITY