GNU bug report logs - #17338
Bug#745553: emacs24-el: mml2015-always-trust should default to nil, not t

Previous Next

Packages: emacs, gnus;

Reported by: Rob Browning <rlb <at> defaultvalue.org>

Date: Fri, 25 Apr 2014 01:45:01 UTC

Severity: normal

Tags: security

Merged with 17391

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Daiki Ueno <ueno <at> gnu.org>
To: Jens Lechtenboerger <jens.lechtenboerger <at> fsfe.org>
Cc: 745553 <at> bugs.debian.org, 17338 <at> debbugs.gnu.org, Justus Winter <justus <at> g10code.com>, Daniel Kahn Gillmor <dkg <at> fifthhorseman.net>, 745553-forwarded <at> bugs.debian.org, Lars Ingebrigtsen <larsi <at> gnus.org>, 17391 <at> debbugs.gnu.org, rlb <at> defaultvalue.org, "Neal H. Walfield" <neal <at> walfield.org>
Subject: bug#17338: bug#17391: Bug#745553: emacs24-el: mml2015-always-trust should default to nil, not t
Date: Thu, 26 Jan 2017 20:34:22 +0100

Jens Lechtenboerger <jens.lechtenboerger <at> fsfe.org> writes:

>> Modern versions of GnuPG automatically select the key which GnuPG knows
>> to have the best validity among all matches for the selector, thanks to
>> work put in by Justus Winter (cc'ed), so letting GnuPG make the decision
>> would relieve emacs of most of the hard work here, and would also mean
>> that any changes that the user makes to their GnuPG keyring would
>> automatically take effect in emacs without mml-mode needing to do
>> anything.
>
> The mml code is based on EasyPG by Daiki Ueno (cc’ed).  EasyPG makes
> use of sub-keys and their IDs for encryption commands, instead of
> relying on GnuPG’s selections.

It was suggested by Werner to do key selection in Emacs, like GPGME.  I
don't know whether GPGME changed the logic though.

>> Modern versions of GnuPG also provide a "tofu" mechanism to store and
>> track that kind of decision in.  Neal Walfield (also cc'ed here) put in
>> a lot of that implementation, so he might have some suggestions for the
>> best way to handle it.

I'm afraid I wouldn't do any work toward tofu at this level of quality;
in particular, until they reach the consensus whether tofu is only
activated when encryption is triggered by an email address.

Regards,
-- 
Daiki Ueno
This bug report was last modified 3 years and 89 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.