Hi,
the feature/better-controlled-gnupg-connections branch (no ticket)
is a candidate for 0.19 => please review and merge into devel.
Steps to test the no-honor-keyserver-url option:
1. generate key pair
2. edit key -> keyserver hkp://example.com
3. gpg --refresh-keys -> output must not contain example.com
I've added "write a testcase" to my todo list, but I don't promise
anything yet.
commit 8eb32b9b38942e91b9e2852c14af10def4f369a6
Author: Tails developers <amnesia@???>
Date: Sun Apr 28 15:02:03 2013 +0200
GnuPG: locate keys only from local keyrings.
This is probably the default, but better safe than sorry.
commit 946f89312d01d7d841429c9901aef2dee2683c9d
Author: Tails developers <amnesia@???>
Date: Sun Apr 28 15:00:56 2013 +0200
GnuPG: don't connect to the preferred keyserver specified by the key owner.
This feature opens the door to a variety of subtle attacks.
Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
