[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#17338: bug#17391: Bug#745553: emacs24-el: mml2015-always-trust shoul
From: |
Daniel Kahn Gillmor |
Subject: |
bug#17338: bug#17391: Bug#745553: emacs24-el: mml2015-always-trust should default to nil, not t |
Date: |
Thu, 26 Jan 2017 18:13:50 -0500 |
On Thu 2017-01-26 13:36:09 -0500, Jens Lechtenboerger wrote:
> On 2017-01-25, at 15:30, Daniel Kahn Gillmor wrote:
>> On Wed 2017-01-25 15:09:47 -0500, Jens Lechtenboerger wrote:
>>> mml2015-always-trust is replaced by mml-secure-openpgp-always-trust
>>> nowadays. I certainly wouldn’t object if the default value was
>>> changed, but lots of long-term users might be surprised.
>>
>> It's also possible that lots of long-term users might be surprised to
>> find that refreshing one key in their keyring is likely to cause a
>> change in behavior for the use of other keys in their keyring. this is
>> a silent surprise, which seems worse than a public surprise.
>
> Sorry, I don’t understand this. What change in one key is causing
> silent changes for other keys?
Without the notification that multiple keys are available, Bob can add
Carol's User ID to his cert ; depending on where the certs are
positioned linearly in Alice's keyring, mail to Carol might be encrypted
to Bob's key, or to Alice's key.
I think this is mitigated at least in part by prompting the user when
there are multiple keys available, though.
> That’s customized in mml-secure-key-preferences. So, the usual
> customize interface is available. And there is some code to detect
> and remove unusable customizations.
When was this introduced? i don't see it, but then i'm still using
emacs24. Do i need to upgrade?
>> Modern versions of GnuPG also provide a "tofu" mechanism to store and
>> track that kind of decision in. Neal Walfield (also cc'ed here) put in
>> a lot of that implementation, so he might have some suggestions for the
>> best way to handle it.
>
> If Emacs was relying on GnuPG’s decisions, nothing special would be
> necessary for tofu, right? (Users could activate that in their
> gpg.conf.)
Neal can answer this better than i can. I think the TOFU mode works
best when there's a bit of UI integration -- emacs would provide the way
for the user to answer a question prompted by gpg, and then gpg is
responsible for storing/tracking all the info.
--dkg
- bug#17338: bug#17391: Bug#745553: emacs24-el: mml2015-always-trust should default to nil, not t, Lars Ingebrigtsen, 2017/01/25
- bug#17338: bug#17391: Bug#745553: emacs24-el: mml2015-always-trust should default to nil, not t, Jens Lechtenboerger, 2017/01/25
- bug#17391: Bug#745553: emacs24-el: mml2015-always-trust should default to nil, not t, Daniel Kahn Gillmor, 2017/01/25
- bug#17338: bug#17391: Bug#745553: emacs24-el: mml2015-always-trust should default to nil, not t, Jens Lechtenboerger, 2017/01/26
- bug#17338: bug#17391: Bug#745553: emacs24-el: mml2015-always-trust should default to nil, not t, Daiki Ueno, 2017/01/26
- bug#17338: bug#17391: Bug#745553: emacs24-el: mml2015-always-trust should default to nil, not t, Daniel Kahn Gillmor, 2017/01/26
- bug#17338: bug#17391: Bug#745553: emacs24-el: mml2015-always-trust should default to nil, not t, Daiki Ueno, 2017/01/26
- bug#17338: bug#17391: Bug#745553: emacs24-el: mml2015-always-trust should default to nil, not t,
Daniel Kahn Gillmor <=
- bug#17338: bug#17391: Bug#745553: emacs24-el: mml2015-always-trust should default to nil, not t, Jens Lechtenboerger, 2017/01/27
bug#17391: Bug#745553: emacs24-el: mml2015-always-trust should default to nil, not t, Daniel Kahn Gillmor, 2017/01/26