From: David Bremner Date: Mon, 21 Jul 2014 23:16:34 +0000 (+2100) Subject: Re: Bug#755544: notmuch-emacs: doesn't check gpg/pgp signatures by default X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=1f233e17225d5e7bc7dae717cd2f37e9ff62e7cd;p=notmuch-archives.git Re: Bug#755544: notmuch-emacs: doesn't check gpg/pgp signatures by default --- diff --git a/f4/da15ca5a5076853adf342091af0fa260353097 b/f4/da15ca5a5076853adf342091af0fa260353097 new file mode 100644 index 000000000..4993edb1b --- /dev/null +++ b/f4/da15ca5a5076853adf342091af0fa260353097 @@ -0,0 +1,103 @@ +Return-Path: +X-Original-To: notmuch@notmuchmail.org +Delivered-To: notmuch@notmuchmail.org +Received: from localhost (localhost [127.0.0.1]) + by olra.theworths.org (Postfix) with ESMTP id 6F740431FBF + for ; Mon, 21 Jul 2014 16:16:55 -0700 (PDT) +X-Virus-Scanned: Debian amavisd-new at olra.theworths.org +X-Spam-Flag: NO +X-Spam-Score: 0 +X-Spam-Level: +X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[none] + autolearn=disabled +Received: from olra.theworths.org ([127.0.0.1]) + by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024) + with ESMTP id B2HpEF1NTCvU for ; + Mon, 21 Jul 2014 16:16:50 -0700 (PDT) +Received: from yantan.tethera.net (yantan.tethera.net [199.188.72.155]) + (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) + (No client certificate requested) + by olra.theworths.org (Postfix) with ESMTPS id B40F1431FAE + for ; Mon, 21 Jul 2014 16:16:50 -0700 (PDT) +Received: from remotemail by yantan.tethera.net with local (Exim 4.80) + (envelope-from ) + id 1X9Mp0-0001hP-LT; Mon, 21 Jul 2014 20:16:42 -0300 +Received: (nullmailer pid 12758 invoked by uid 1000); Mon, 21 Jul 2014 + 23:16:34 -0000 +From: David Bremner +To: Vagrant Cascadian , 755544@bugs.debian.org +Subject: Re: Bug#755544: notmuch-emacs: doesn't check gpg/pgp signatures by + default +In-Reply-To: <20140721223426.GA5250@siren> +References: <20140721223426.GA5250@siren> +User-Agent: Notmuch/0.18.1+45~gf47eeac (http://notmuchmail.org) Emacs/24.3.1 + (x86_64-pc-linux-gnu) +Date: Mon, 21 Jul 2014 20:16:34 -0300 +Message-ID: <87silucnfx.fsf@maritornes.cs.unb.ca> +MIME-Version: 1.0 +Content-Type: text/plain +Cc: notmuch@notmuchmail.org +X-BeenThere: notmuch@notmuchmail.org +X-Mailman-Version: 2.1.13 +Precedence: list +List-Id: "Use and development of the notmuch mail system." + +List-Unsubscribe: , + +List-Archive: +List-Post: +List-Help: +List-Subscribe: , + +X-List-Received-Date: Mon, 21 Jul 2014 23:16:55 -0000 + +Vagrant Cascadian writes: + +> Package: notmuch-emacs +> Version: 0.18.1-1 +> Severity: important +> +> Thanks for notmuch-emacs, it's great! +> +> I did notice that it doesn't appear to check weather gpg/pgp signatures are +> valid by default. +> +> When I created a signed message to myself, made a copy of it, and then manually +> edited the text within without changing the signature... +> +> But notmuch-emacs doesn't distinguish between the valid signature +: +> +> Subject: valid gpg sig +> To: vagrant@localhost +> Date: Mon, 21 Jul 2014 15:03:45 -0700 +> +> [ multipart/signed ] +> [ text/plain ] +> this should be a VALID gpg signature. +> [ signature.asc: application/pgp-signature ] +> +> And the edited text, with an invalid signature: +> +> Subject: invalid gpg sig +> To: vagrant@localhost +> Date: Mon, 21 Jul 2014 15:03:45 -0700 +> +> [ multipart/signed ] +> [ text/plain ] +> this should be an INVALID gpg signature. +> [ signature.asc: application/pgp-signature ] + +Hi Vagrant; + +Thanks for the bug report. It seems that most of the developers +have customized the emacs variable + +notmuch-crypto-process-mime to t + +For the moment I suggest that as a workaround, and we'll see about +fixing the UI bug upstream. + +notmuch folks: it seems that in vagrant's message, and several others I +checked, it notmuch-crypto-process-mime==nil, then no signature button +is created at all.