On Feb 26, 2010, at 4:10 PM, MFPA wrote: >>> Just curious... Does support just mean it sets the >>> bit? Or will it turn an attempt to --send-keys on >>> that key into a no-op? > >> Support means it gives the user the ability to set and >> clear the bit (it is set by default). > > Would there not be some merit in honouring the flag by (at least) > giving an extra warning to answer if you execute --send-keys to upload > a key with that bit set?
I don't think so. At best it's a false sense of security to block or warn on "gpg --send-keys xxxx" but not on (for example) "gpg --export xxxx" (which is then followed by by sending the key via a web browser or email). It also doesn't affect PGP. I'd rather not give the user the impression that this is more than it is. Plus (and I'll admit to a level of amusement in this situation), virtually all keys generated with GPG have the no-modify bit set, as it's the default. It would thus block/warn on most every key. David _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users