@Tim Kelsey: I think the plan is to make the policy configurable, with auto-add (but fail if changed) as the default, which is secure enough for most people but can be bumped up by sufficiently paranoid installed who do the work to collect the keys first.
@Tim Kelsey: I think the plan is to make the policy configurable, with auto-add (but fail if changed) as the default, which is secure enough for most people but can be bumped up by sufficiently paranoid installed who do the work to collect the keys first.