Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/app-crypt/gnupg/files/gnupg-2.1.23-gpg-default-to-no-auto-key-retrieve.patch
diff options
context:
space:
mode:
Diffstat (limited to 'app-crypt/gnupg/files/gnupg-2.1.23-gpg-default-to-no-auto-key-retrieve.patch')
-rw-r--r--app-crypt/gnupg/files/gnupg-2.1.23-gpg-default-to-no-auto-key-retrieve.patch71
1 files changed, 71 insertions, 0 deletions
diff --git a/app-crypt/gnupg/files/gnupg-2.1.23-gpg-default-to-no-auto-key-retrieve.patch b/app-crypt/gnupg/files/gnupg-2.1.23-gpg-default-to-no-auto-key-retrieve.patch
new file mode 100644
index 000000000000..4cc414d18e31
--- /dev/null
+++ b/app-crypt/gnupg/files/gnupg-2.1.23-gpg-default-to-no-auto-key-retrieve.patch
@@ -0,0 +1,71 @@
+From e6f84116abca2ed49bf14b2e28c3c811a3717227 Mon Sep 17 00:00:00 2001
+From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+Date: Fri, 11 Aug 2017 02:26:52 -0400
+Subject: [PATCH] gpg: default to --no-auto-key-retrieve.
+
+* g10/gpg.c (main): remove KEYSERVER_AUTO_KEY_RETRIEVE from the
+default keyserver options.
+* doc/gpg.texi: document this change.
+--
+
+This is a partial reversion of
+7e1fe791d188b078398bf83c9af992cb1bd2a4b3. Werner and i discussed it
+earlier today, and came to the conclusion that:
+
+ * the risk of metadata leakage represented by a default
+ --auto-key-retrieve, both in e-mail (as a "web bug") and in other
+ contexts where GnuPG is used to verified signatures, is quite high.
+
+ * the advantages of --auto-key-retrieve (in terms of signature
+ verification) can sometimes be achieved in other ways, such as when
+ a signed message includes a copy of its own key.
+
+ * when those other ways are not useful, a graphical, user-facing
+ application can still offer the user the opportunity to choose to
+ fetch the key; or it can apply its own policy about when to set
+ --auto-key-retrieve, without needing to affect the defaults.
+
+Note that --auto-key-retrieve is specifically about signature
+verification. Decisions about how and whether to look up a key during
+message encryption are governed by --auto-key-locate. This change
+does not touch the --auto-key-locate default of "local,wkd". The user
+deliberately asking gpg to encrypt to an e-mail address is a different
+scenario than having an incoming e-mail trigger a potentially unique
+network request.
+
+Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+---
+ doc/gpg.texi | 2 +-
+ g10/gpg.c | 3 +--
+ 2 files changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/doc/gpg.texi b/doc/gpg.texi
+index c71126a97..b6a9b2d70 100644
+--- a/doc/gpg.texi
++++ b/doc/gpg.texi
+@@ -1792,7 +1792,7 @@ list. The default is "local,wkd".
+ @opindex no-auto-key-retrieve
+ These options enable or disable the automatic retrieving of keys from
+ a keyserver when verifying signatures made by keys that are not on the
+-local keyring. The default is @option{--auto-key-retrieve}.
++local keyring. The default is @option{--no-auto-key-retrieve}.
+
+ If the method "wkd" is included in the list of methods given to
+ @option{auto-key-locate}, the signer's user ID is part of the
+diff --git a/g10/gpg.c b/g10/gpg.c
+index c721cdc4a..c9fa7ae5b 100644
+--- a/g10/gpg.c
++++ b/g10/gpg.c
+@@ -2366,8 +2366,7 @@ main (int argc, char **argv)
+ opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS
+ | IMPORT_REPAIR_PKS_SUBKEY_BUG);
+ opt.keyserver_options.export_options = EXPORT_ATTRIBUTES;
+- opt.keyserver_options.options = (KEYSERVER_HONOR_PKA_RECORD
+- | KEYSERVER_AUTO_KEY_RETRIEVE);
++ opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD;
+ opt.verify_options = (LIST_SHOW_UID_VALIDITY
+ | VERIFY_SHOW_POLICY_URLS
+ | VERIFY_SHOW_STD_NOTATIONS
+--
+2.13.0
+