Return-Path: <jrollins@finestructure.net>
X-Original-To: notmuch@notmuchmail.org
Delivered-To: notmuch@notmuchmail.org
Received: from localhost (localhost [127.0.0.1])
	by olra.theworths.org (Postfix) with ESMTP id 9EAEB431FB6
	for <notmuch@notmuchmail.org>; Wed, 27 Feb 2013 08:14:50 -0800 (PST)
X-Virus-Scanned: Debian amavisd-new at olra.theworths.org
X-Spam-Flag: NO
X-Spam-Score: -2.3
X-Spam-Level: 
X-Spam-Status: No, score=-2.3 tagged_above=-999 required=5
	tests=[RCVD_IN_DNSWL_MED=-2.3] autolearn=disabled
Received: from olra.theworths.org ([127.0.0.1])
	by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id wtTZZlBLy71f for <notmuch@notmuchmail.org>;
	Wed, 27 Feb 2013 08:14:48 -0800 (PST)
Received: from outgoing-mail.its.caltech.edu (outgoing-mail.its.caltech.edu
	[131.215.239.19])
	by olra.theworths.org (Postfix) with ESMTP id 6F3AD431FAF
	for <notmuch@notmuchmail.org>; Wed, 27 Feb 2013 08:14:48 -0800 (PST)
Received: from earth-doxen.imss.caltech.edu (localhost [127.0.0.1])
	by earth-doxen-postvirus (Postfix) with ESMTP id D0B7C66E00F8;
	Wed, 27 Feb 2013 08:14:47 -0800 (PST)
X-Spam-Scanned: at Caltech-IMSS on earth-doxen by amavisd-new
Received: from finestructure.net (DHCP-123-224.caltech.edu [131.215.123.224])
	(Authenticated sender: jrollins)
	by earth-doxen-submit (Postfix) with ESMTP id D658466E011C;
	Wed, 27 Feb 2013 08:14:43 -0800 (PST)
Received: by finestructure.net (Postfix, from userid 1000)
	id B154E61745; Wed, 27 Feb 2013 08:14:43 -0800 (PST)
From: Jameson Graef Rollins <jrollins@finestructure.net>
To: Jani Nikula <jani@nikula.org>, notmuch@notmuchmail.org
Subject: Re: [PATCH] cli: crypto: tell gmime to use gpg-agent
In-Reply-To: <1361950838-22919-1-git-send-email-jani@nikula.org>
References: <1361950838-22919-1-git-send-email-jani@nikula.org>
User-Agent: Notmuch/0.15+8~gd4a7374 (http://notmuchmail.org) Emacs/24.2.1
	(x86_64-pc-linux-gnu)
Date: Wed, 27 Feb 2013 08:14:41 -0800
Message-ID: <87hakxpwcu.fsf@servo.finestructure.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha256; protocol="application/pgp-signature"
X-BeenThere: notmuch@notmuchmail.org
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: "Use and development of the notmuch mail system."
	<notmuch.notmuchmail.org>
List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,
	<mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>
List-Archive: <http://notmuchmail.org/pipermail/notmuch>
List-Post: <mailto:notmuch@notmuchmail.org>
List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>
List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,
	<mailto:notmuch-request@notmuchmail.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Feb 2013 16:14:50 -0000

--=-=-=
Content-Type: text/plain

On Tue, Feb 26 2013, Jani Nikula <jani@nikula.org> wrote:
> For decryption, we expect there to be a functioning gpg-agent, and we
> want gpg to talk to it for any needed credentials. There's a gmime
> function to declare that: g_mime_gpg_context_set_use_agent() [1], [2].
> Start using it.
>
> I had gpg-agent running, but gpg "use-agent" configuration option
> disabled. This resulted in an error message from 'notmuch show':
>
>   Failed to decrypt part: Canceled.
>
> and json had this:
>
>   "encstatus" : [ { "status" : "bad" } ]
>
> One could argue the "use-agent" option should be enabled, but I'd like
> to use the agent only as a last resort. I think that's irrelevant
> though. There's a gmime function to declare what we expect, so we
> should use it. Conveniently it also fixes the problem in a user
> friendly way.

I will argue that the "use-agent" option should be enabled.  If we force
use of gpg-agent, then we don't allow people to opt out of using it.
That's not very user friendly, particularly if someone has not enabled
it for a specific reason.

But I think more to the point we need a little bit of due diligence of
the effects of this before we enable it.  What happens if gpg-agent is
not available?  What happens if there is no X session?  Tests that probe
the various circumstances would be useful.

I do note, though, that the error messages are not very useful.  It
would be nice if could figure out that the decryption failed because of
lack of agent and inform the user of that.

We should probably also update the show man page to make explicit that
an agent may be required.

jamie.

--=-=-=
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJRLjDxAAoJEO00zqvie6q80YwP+wYQwBco4kcfFiwI6eHjxA3R
jx6vGOBal6z3ET7WcS06YdY4iX/CuBJZu72NbR8TwMxU9JoW7Fq95ovWJdsPirJx
gXzvPQtHt9RjDYVeateVDHKylqtz0PRdXzlndGEexRTG6jkaY1AqMzUkRnd5YBvJ
pH+WYDTg10COnxEi5QdR5Bb9fBQQvykAvX4is6D76aGNpr4kexlbqiFPWILQzLwS
vjikP2ZB8PF7pOrEFQKUrd/XJk+SWrE2QBZYIJq7kKuYivM+NXcuijIaWTFhVHoM
V+pCae5fir82VgE0HWlyb0fM/Lq22y3NE9c33cLzdArv8Y+YZLi4SCnKVE++4kK3
2Mvp7ZCvHGJ1Ygbe3irteknpKX1O4MlJlAr6r+zyjLZTSdT8BTxw/+FEY9DbfI4W
++9wcSTgkfv2mIW4qHo15NA0FkhAzPyreKPe7gX66K/gf1X/B41tTRYS4JTCNbaT
i/CO+d2CH+8oCzeWt1Y+XIAWWuotQaVym+zyeB3nAzWk54RUUok7dWnL06h7dx0x
st2KRtkDVCwL8dAPUDD0G+5DWyXIrQ8HfaBrfFrKHiWgRQkI2TR60DWtw3/2D1NM
CSP1X05QsimIGn+RqsY750wgJ7I26qFXFwOmuqTTveFLY2tn9DrxgY4xm6F4Wsqa
ZWjGa6no6YdAiA6SmP3Q
=ICqV
-----END PGP SIGNATURE-----
--=-=-=--