Re: Bug#755544: notmuch-emacs: doesn't check gpg/pgp signatures by default

diff --git a/6c/e3d91c06c48868428f68cf1f0e50f2ad28b33f b/6c/e3d91c06c48868428f68cf1f0e50f2ad28b33f
new file mode 100644 (file)
index 0000000..42e857f
--- /dev/null
+++ b/6c/e3d91c06c48868428f68cf1f0e50f2ad28b33f
@@ -0,0 +1,116 @@
+Return-Path: <dkg@fifthhorseman.net>\r
+X-Original-To: notmuch@notmuchmail.org\r
+Delivered-To: notmuch@notmuchmail.org\r
+Received: from localhost (localhost [127.0.0.1])\r
+       by olra.theworths.org (Postfix) with ESMTP id 72D80431FC3\r
+       for <notmuch@notmuchmail.org>; Mon, 21 Jul 2014 21:39:15 -0700 (PDT)\r
+X-Virus-Scanned: Debian amavisd-new at olra.theworths.org\r
+X-Spam-Flag: NO\r
+X-Spam-Score: 0\r
+X-Spam-Level: \r
+X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[none]\r
+       autolearn=disabled\r
+Received: from olra.theworths.org ([127.0.0.1])\r
+       by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)\r
+       with ESMTP id m8qfv4Rb-M-F for <notmuch@notmuchmail.org>;\r
+       Mon, 21 Jul 2014 21:39:08 -0700 (PDT)\r
+Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108])\r
+       by olra.theworths.org (Postfix) with ESMTP id 44F2C431FAE\r
+       for <notmuch@notmuchmail.org>; Mon, 21 Jul 2014 21:39:08 -0700 (PDT)\r
+Received: from [10.0.1.131] (173-230-166-62.cable.teksavvy.com\r
+       [173.230.166.62])\r
+       by che.mayfirst.org (Postfix) with ESMTPSA id E959EF984;\r
+       Tue, 22 Jul 2014 00:39:04 -0400 (EDT)\r
+Message-ID: <53CDEAE8.3000607@fifthhorseman.net>\r
+Date: Tue, 22 Jul 2014 00:39:04 -0400\r
+From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>\r
+User-Agent: Mozilla/5.0 (X11; Linux x86_64;\r
+       rv:30.0) Gecko/20100101 Icedove/30.0\r
+MIME-Version: 1.0\r
+To: Jameson Graef Rollins <jrollins@finestructure.net>, \r
+       David Bremner <david@tethera.net>,\r
+       Vagrant Cascadian <vagrant@debian.org>, 755544@bugs.debian.org\r
+Subject: Re: Bug#755544: notmuch-emacs: doesn't check gpg/pgp signatures by\r
+       default\r
+References: <20140721223426.GA5250@siren>\r
+       <87silucnfx.fsf@maritornes.cs.unb.ca>\r
+       <87iomqxkzp.fsf@servo.finestructure.net>        <53CDE8F8.8050200@fifthhorseman.net>\r
+In-Reply-To: <53CDE8F8.8050200@fifthhorseman.net>\r
+Content-Type: multipart/signed; micalg=pgp-sha512;\r
+       protocol="application/pgp-signature";\r
+       boundary="C5NDsD6eucQPDMVR8tHCuNvtxKu1l6efU"\r
+Cc: notmuch@notmuchmail.org\r
+X-BeenThere: notmuch@notmuchmail.org\r
+X-Mailman-Version: 2.1.13\r
+Precedence: list\r
+List-Id: "Use and development of the notmuch mail system."\r
+       <notmuch.notmuchmail.org>\r
+List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,\r
+       <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>\r
+List-Archive: <http://notmuchmail.org/pipermail/notmuch>\r
+List-Post: <mailto:notmuch@notmuchmail.org>\r
+List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>\r
+List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,\r
+       <mailto:notmuch-request@notmuchmail.org?subject=subscribe>\r
+X-List-Received-Date: Tue, 22 Jul 2014 04:39:15 -0000\r
+\r
+This is an OpenPGP/MIME signed message (RFC 4880 and 3156)\r
+--C5NDsD6eucQPDMVR8tHCuNvtxKu1l6efU\r
+Content-Type: text/plain; charset=UTF-8\r
+Content-Transfer-Encoding: quoted-printable\r
+\r
+On 07/22/2014 12:30 AM, Daniel Kahn Gillmor wrote:\r
+> On 07/21/2014 09:03 PM, Jameson Graef Rollins wrote:\r
+>> On Mon, Jul 21 2014, David Bremner <david@tethera.net> wrote:\r
+>>> notmuch folks: it seems that in vagrant's message, and several others=\r
+ I\r
+>>> checked, it notmuch-crypto-process-mime=3D=3Dnil, then no signature b=\r
+utton\r
+>>> is created at all.\r
+>>\r
+>> Yes, this is true.  The signature button is pretty meaningless if we'r=\r
+e\r
+>> not processing the signature.\r
+>>\r
+>> Maybe instead by default we could have a signature button that opens u=\r
+p\r
+>> a notmuch-crypto-process-mime customization buffer?\r
+>=20\r
+> Or the button could just re-load the current view while processing the\r
+> signature, and send "you can customize notmuch-crypt-process-mime to do=\r
+\r
+> this automatically in the future" to *Messages*.\r
+\r
+Oh, and it seems like in the case where no verification or PGP/MIME\r
+procesing was done, we need to make it a *lot* clearer to the user that\r
+no signature verification was done.\r
+\r
+       --dkg\r
+\r
+\r
+--C5NDsD6eucQPDMVR8tHCuNvtxKu1l6efU\r
+Content-Type: application/pgp-signature; name="signature.asc"\r
+Content-Description: OpenPGP digital signature\r
+Content-Disposition: attachment; filename="signature.asc"\r
+\r
+-----BEGIN PGP SIGNATURE-----\r
+Version: GnuPG v1\r
+\r
+iQJ8BAEBCgBmBQJTzeroXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w\r
+ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFQjk2OTEyODdBN0FEREUzNzU3RDkxMUVB\r
+NTI0MDFCMTFCRkRGQTVDAAoJEKUkAbEb/fpcpboP/2I5aIyC/vyBNJhDJ7foSOPO\r
+cva8R+L9gejzqFAI4xhUHpWY2VXj1/PWV6iCg4UacEPBKDFEIEUdO5emMMtw8kNa\r
+6sknFjfxEe9YmCnIlfmBvXhoTvpj/ceQ/DaOHxzGi4Ihg5dfUov16+TNKyukaLGF\r
+aznCYU3+cHouEv5GCUueK2H+dJkRrRKyqqyOtLkAdICeXs3kqRiPVxYCijWdt+NH\r
+jXt+3/rcP49zo8AD8r41ZqOT9GCqwVNqxxenbPKFmFFf6E0huYDZxbHJ1skETmo3\r
+vae7UYKKLs29GakGxt3CyeuP/wSDDpMTyaxzTZ/SitjuCXYpB9S0omdfxBlxPdMq\r
+wTkk7ef0bKZpC5xEdufj46n86XAFdmsyS2nFPD1stYvkJzu98hkn6lnlgJlhPfL1\r
+2iLhsj7uUKnXrO4TLv8D8pBEc9jJvdlzxw2s7q/TlsG78hIn4jiJdIouVM1ZHyJc\r
+tY9f7IUFhvb0uFyckSfILimAnB/5Ffdg0dI0dGuk4AliMNDNVCbMyxKQG8GNMJHN\r
+DpWUGWiqZvodX0isu7DE6Ud9K9jDKWPewjkwhOvH9X3ZJ2dI75DNx81a6X7/Jnb9\r
+nKXF/ZZoLVEo9GPptt6cOVjzgDgbIrGYhc2o105GrKdnW3vSmTIAmTxRpZhTMmLT\r
+QPkiJVeBeQmT3akZ16fP\r
+=UwVd\r
+-----END PGP SIGNATURE-----\r
+\r
+--C5NDsD6eucQPDMVR8tHCuNvtxKu1l6efU--\r