[Differential] [Updated] D4255: Introduce Kleo::trustLevel()

Andre Heinecke noreply at phabricator.kde.org
Thu Jan 26 11:26:06 GMT 2017 

aheinecke added a comment.


  Ideally this would go into GnuPG, but we don't want to rush through such a change in GnuPG proper now because modification of the validity level would probably break a lot. And as this is ultimately a display thing it's ok imo to do it in a MUA for now.
  We have a gnupg-devel hackathon in two weeks where we want to discuss / work on putting more stuff of the AME concept into GnuPG proper or at least GpgME core. But even if we did that it would still take very long until such a GnuPG version would be available in most distros.

INLINE COMMENTS

> enum.cpp:274
> +
> +    auto job = QGpgME::openpgp()->keyListJob(false, false, false);
> +    std::vector<GpgME::Key> keys;

I would prefer the use of the keycache here. Keylistings can be really really slow especially when listing all keys. Maybe holding a static ref to the keycache here to avoid it being destroyed after each call.

> enum.cpp:305
> +    case GpgME::UserID::Marginal:
> +        // Marginal trust, level will depend on TOFU history
> +        switch (uid.tofuInfo().validity()) {

In Outlook I currently treat "Marginal" as Level 2 if uid.tofuInfo.isNull() TofuInfo.
If TOFU info isNull this means marginal trust through the Web of Trust. KMail and Kleopatra currently treat such keys as "Trusted" and "Green" which is the meaning I see for Level 2.
For most existing users Web of Trust only will still be used in the short term future.

To explain:
If tofu+pgp is used every key has marginal trust from the start. So we don't want to show "Green" until we have at least basic history. If only pgp is used only Keys that have at least a weak trustpath are marginal.

> enum.cpp:309
> +        case GpgME::TofuInfo::Conflict:
> +        case GpgME::TofuInfo::NoHistory:
> +        case GpgME::TofuInfo::LittleHistory:

This should be lvl 0

> enum.cpp:310
> +        case GpgME::TofuInfo::NoHistory:
> +        case GpgME::TofuInfo::LittleHistory:
> +            // Marginal trust, but not enough history -> level 0

This then Level 1

> enum.cpp:313
> +            return Level0;
> +        case GpgME::TofuInfo::BasicHistory:
> +            // Marginal trust, but only basic history -> level 1

And Basic History should be the same as Large History: Level 2

REPOSITORY
  R90 PIM: Kleo Library

REVISION DETAIL
  https://phabricator.kde.org/D4255

EMAIL PREFERENCES
  https://phabricator.kde.org/settings/panel/emailpreferences/

To: dvratil, aheinecke
Cc: knauss, #kde_pim, dvasin, winterz, vkrause, mlaurent, dvratil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-pim/attachments/20170126/b2f74842/attachment.html>

More information about the kde-pim mailing list