# GPG keyserver to search for keys
#KEYSERVER=subkeys.pgp.net
+# FIXME: consider removing REQUIRED_*_KEY_CAPABILITY entirely from
+# this example config, given our discussion
# Required key capabilities
# Must be quoted, lowercase, space-seperated list of the following:
# e = encrypt
# Should be "true" or "false"
#HASH_KNOWN_HOSTS=true
-# ssh authorized_keys file
+# ssh authorized_keys file (FIXME: why is this relevant in this file?)
#AUTHORIZED_KEYS=~/.ssh/known_hosts
-# This overrides other environment variables
-# NOTE: there is leakage
-#CHECK_KEYRING=true
+# check keyservers at every ssh connection:
+# This overrides other environment variables (FIXME: what does this mean???)
+# NOTE: setting CHECK_KEYSERVER to true will leak information about
+# the timing and frequency of your ssh connections to the maintainer
+# of the keyserver.
+#CHECK_KEYSERVER=true