GNU bug report logs -
#17338
Bug#745553: emacs24-el: mml2015-always-trust should default to nil, not t
Previous Next
Reported by: Rob Browning <rlb <at> defaultvalue.org>
Date: Fri, 25 Apr 2014 01:45:01 UTC
Severity: normal
Tags: security
Merged with 17391
Done: Lars Ingebrigtsen <larsi <at> gnus.org>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
On 2017-01-25, at 18:19, Lars Ingebrigtsen wrote:
> Daniel Kahn Gillmor <dkg <at> fifthhorseman.net> writes:
>
>> So in the scenario above, Bob's cert is still overall valid (because it
>> has a valid certification over the correct UserID+key from Alice), even
>> though the carol <at> example.org UserID is invalid.
>>
>> I don't know mml-mode or elisp well enough to dig into the code and fix
>> this part of the problem quickly, but if someone has patches that i can
>> look at that would point to where it might be changed, i'd be happy to
>> try to review them.
>
> I'm also mostly unfamiliar with the mml encryption code, but perhaps
> Jens could take a peek at this?
mml2015-always-trust is replaced by mml-secure-openpgp-always-trust
nowadays. I certainly wouldn’t object if the default value was
changed, but lots of long-term users might be surprised.
Also, nowadays, if multiple keys are available for a recipient, the
user is asked which key to use and whether to store that choice.
Then, EasyPG is responsible for calling GnuPG. Maybe something
needs to be adjusted there as well. What is the expected command
line behavior?
Best wishes
Jens
This bug report was last modified 3 years and 88 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.