Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: David Bremner <david-1j+SLnlVNwXR7s880joybQ <at> public.gmane.org>
Subject: Re: Bug#755544: notmuch-emacs: doesn't check gpg/pgp signatures by default
Newsgroups: gmane.mail.notmuch.general
Date: Monday 21st July 2014 23:16:34 UTC (over 2 years ago)
Vagrant Cascadian  writes:

> Package: notmuch-emacs
> Version: 0.18.1-1
> Severity: important
>
> Thanks for notmuch-emacs, it's great!
>
> I did notice that it doesn't appear to check weather gpg/pgp signatures
are
> valid by default.
>
> When I created a signed message to myself, made a copy of it, and then
manually
> edited the text within without changing the signature...
>
> But notmuch-emacs doesn't distinguish between the valid signature
:
>
>   Subject: valid gpg sig
>   To: [email protected]
>   Date: Mon, 21 Jul 2014 15:03:45 -0700
>   
>   [ multipart/signed ]
>   [ text/plain ]
>   this should be a VALID gpg signature.
>   [ signature.asc: application/pgp-signature ]
>
> And the edited text, with an invalid signature:
>
>   Subject: invalid gpg sig
>   To: [email protected]
>   Date: Mon, 21 Jul 2014 15:03:45 -0700
>   
>   [ multipart/signed ]
>   [ text/plain ]
>   this should be an INVALID gpg signature.
>   [ signature.asc: application/pgp-signature ]

Hi Vagrant;

Thanks for the bug report.  It seems that most of the developers
have customized the emacs variable

notmuch-crypto-process-mime to t

For the moment I suggest that as a workaround, and we'll see about
fixing the UI bug upstream.

notmuch folks: it seems that in vagrant's message, and several others I
checked, it notmuch-crypto-process-mime==nil, then no signature button
is created at all.
 
CD: 3ms