X-Git-Url: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=blobdiff_plain;f=g10%2Foptions.skel;h=20b571118520d86ef979ddae9e1a09b3d78ea5a3;hp=3d15f811cb6aa5a434dab4323f3d128bbccf91d2;hb=f05a63b10428df2878b1bb6fde57a2fc2aa99105;hpb=4c66e94ff91d680eaf1d9c48a62d66d1951f90ef diff --git a/g10/options.skel b/g10/options.skel index 3d15f811c..20b571118 100644 --- a/g10/options.skel +++ b/g10/options.skel @@ -2,12 +2,13 @@ # the users home directory. # $Id$ # Options for GnuPG -# Copyright 1998, 1999, 2000, 2001, 2002, 2003 Free Software Foundation, Inc. -# +# Copyright 1998-2003, 2010 Free Software Foundation, Inc. +# Copyright 1998-2003, 2010 Werner Koch +# # This file is free software; as a special exception the author gives # unlimited permission to copy and/or distribute it, with or without # modifications, as long as this notice is preserved. -# +# # This file is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY, to the extent permitted by law; without even the # implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. @@ -39,12 +40,12 @@ #default-recipient some-user-id #default-recipient-self -# By default GnuPG creates version 3 signatures for data files. This -# is not strictly OpenPGP compliant but PGP 6 and most versions of PGP -# 7 require them. To disable this behavior, you may use this option -# or --openpgp. +# By default GnuPG creates version 4 signatures for data files as +# specified by OpenPGP. Some earlier (PGP 6, PGP 7) versions of PGP +# require the older version 3 signatures. Setting this option forces +# GnuPG to create version 3 signatures. -#no-force-v3-sigs +#force-v3-sigs # Because some mailers change lines starting with "From " to ">From " # it is good to handle such lines in a special way when creating @@ -53,6 +54,15 @@ #no-escape-from-lines +# When verifying a signature made from a subkey, ensure that the cross +# certification "back signature" on the subkey is present and valid. +# This protects against a subtle attack against subkeys that can sign. +# Defaults to --no-require-cross-certification. However for new +# installations it should be enabled. + +require-cross-certification + + # If you do not use the Latin-1 (ISO-8859-1) charset, you should tell # GnuPG which is the native character set. Please check the man page # for supported character sets. This character set is only used for @@ -89,15 +99,11 @@ # servers can be HKP, email, or LDAP (if GnuPG is built with LDAP # support). # -# Example HKP keyserver: -# hkp://subkeys.pgp.net -# -# Example email keyserver: -# mailto:pgp-public-keys@keys.pgp.net +# Example HKP keyservers: +# hkp://keys.gnupg.net # # Example LDAP keyservers: # ldap://pgp.surfnet.nl:11370 -# ldap://keyserver.pgp.com # # Regular URL syntax applies, and you can set an alternate port # through the usual method: @@ -112,14 +118,14 @@ # Note that most servers (with the notable exception of # ldap://keyserver.pgp.com) synchronize changes with each other. Note # also that a single server name may actually point to multiple -# servers via DNS round-robin. hkp://subkeys.pgp.net is an example of +# servers via DNS round-robin. hkp://keys.gnupg.net is an example of # such a "server", which spreads the load over a number of physical -# servers. +# servers. To see the IP address of the server actually used, you may use +# the "--keyserver-options debug". -keyserver hkp://subkeys.pgp.net +keyserver hkp://keys.gnupg.net +#keyserver http://http-keys.gnupg.net #keyserver mailto:pgp-public-keys@keys.nl.pgp.net -#keyserver ldap://pgp.surfnet.nl:11370 -#keyserver ldap://keyserver.pgp.com # Common options for keyserver functions: # @@ -190,23 +196,3 @@ keyserver hkp://subkeys.pgp.net # # Use your MIME handler to view photos: # photo-viewer "metamail -q -d -b -c %T -s 'KeyID 0x%k' -f GnuPG" - -# Passphrase agent -# -# We support the old experimental passphrase agent protocol as well as -# the new Assuan based one (currently available in the "newpg" package -# at ftp.gnupg.org/gcrypt/alpha/aegypten/). To make use of the agent, -# you have to run an agent as daemon and use the option -# -# use-agent -# -# which tries to use the agent but will fallback to the regular mode -# if there is a problem connecting to the agent. The normal way to -# locate the agent is by looking at the environment variable -# GPG_AGENT_INFO which should have been set during gpg-agent startup. -# In certain situations the use of this variable is not possible, thus -# the option -# -# --gpg-agent-info=::1 -# -# may be used to override it.