BUG: Web of trust circumvention by secret key distribution

[Werner Koch]

On Thu, 7 Dec 2000, Rodney Thayer wrote:

> no.  NAI PGP does that, and they end up with a user interface
> which causes you to treat all keys as "untrusted" unless you've
> signed them yourself.

However, signing the secret key does not help much because this would 
also need to drop all signatures from secret keys during import.

Ex-/importing secret keys is something you do only in very rare
case, so having to add an option to do this is not that bad.

  Werner