agent: Make --allow-mark-trusted the default.
authorWerner Koch <wk@gnupg.org>
Wed, 3 Jul 2013 13:20:25 +0000 (15:20 +0200)
committerWerner Koch <wk@gnupg.org>
Fri, 7 Mar 2014 08:48:26 +0000 (09:48 +0100)
commit9942a149ff2ab919c1b2916c7bc347e578a56b14
tree5c8d0780d3d6092b4f29d4837fd163f36d495f9b
parent5105c8d2d344fd7301d456d8c13c7e90a54f7e98
agent: Make --allow-mark-trusted the default.

* agent/gpg-agent.c (opts, main): Add option --no-allow-mark-trusted.
Put this option into the gpgconf-list.
(main): Enable opt.allow_mark_trusted by default.
* tools/gpgconf-comp.c (gc_options_gpg_agent): Replace
allow-mark-trusted by no-allow-mark-trusted.

* agent/trustlist.c (agent_marktrusted): Always set the "relax" flag.

--

These changes have been in effect for the Gpg4win Windows version
since 2011-01-24 and thus first released with Gpg4win 2.1.0.  Given
the current state of PKIX it does not make any sense to lure the Unix
user into false security by making it harder to trust self-signed or
CAcert certificates.

Signed-off-by: Werner Koch <wk@gnupg.org>
(cherry picked from commit 90b419f3e9d05e509348d047e05fcc79e87be6cf)

Resolved conflicts:
NEWS
agent/gpg-agent.c
NEWS
agent/gpg-agent.c
agent/trustlist.c
tools/gpgconf-comp.c