[kmail2] [Bug 64424] More fine grained color coding of GPG/PGP signed messages in KMail (wishlist)

A. Sala asala at isa.upv.es
Fri Mar 8 09:21:18 GMT 2013


https://bugs.kde.org/show_bug.cgi?id=64424

--- Comment #15 from A. Sala <asala at isa.upv.es> ---
(in reply to comment #14)
Well, I think that one thing is the "bug" which is well detailed in 295043: a
signature "neither expired, nor revoked" at "the time of KMail receiving 1st
time the message" should be "valid", according to the trust of the signature.
So, indeed, that is a BUG: a valid signature is flagged as invalid by KMail.
In fact, 295043 is a duplicate of 59626: this issue has been hanging around
since __2003__, wow!!!

So, then, a different issue is how to deal with that bug in the user interface.
Of course, it will be up to the developer who fixes the bug, and maybe he
will think of an easier/different solution than the one proposed here.

Thus, this "bug 64424" (wishlist for user interface) suggests giving by
default additional information, such as a different colour, for two possible
issues: "valid at the time of reception, but now expired" and "valid at the
time of reception, but now revoked", which combined with the original trust
level might make the user think about double-checking.

So, in general, I think that they are not "exactly" the same: 295403 requires
correcting the bug in whatever way KDE developers think of. 64424 suggests how
to do it via potential further information in the user interface that would fix
the bug and provide more accurate info to the user. So, I guess that bug 295403
should be marked as a "subset" of this one, similarly to bug 59626.

To summarise my interpretation of the 64424 wishlist:
KMail2 provides NOW different colours for
a- openpgp encrypted
b- openpgp signed valid trusted
c- openpgp signed valid untrusted
d- openpgp signed cannot check validity
e- openpgp wrong signature

although the defaults for c and d are the same (yellow).
Bug 295403 says that some messages are wrongly flagged as "e". I agree.

This "wishlist" suggests a new set of status variables and associated colours
and text in KMail message display, at least consisting of:
a- openpgp encrypted
b- openpgp valid signature ultimately trusted (green default)
c- openpgp valid signature untrusted (even c1, c2... for several trust levels?
too complicated maybe) (yellow default)
d- openpgp signed cannot check validity (yellow default)
e- openpgp valid when received, now expired (might be green by default: expired
without revocation doesn't raise any particular suspicion)
f- openpgp valid when received, revoked at a later date (might be red/orange by
default... revoked signatures must raise suspicion, but the KMail _text_ info
must not be the same as "g")
g- openpgp bad signature

Disclaimer: I am neither a crypto expert at all, nor a software developer...
I'm a plain end user playing with gpg signatures "just to learn", and I am not
knowledgeable on the policies for setting kde bug status... so others will be
able to make better suggestions and do the right "fusion" between this and
295403... but somebody might have a look at this 10-year-old pending thing...

-- 
You are receiving this mail because:
You are the assignee for the bug.
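
Added example, not part of the original comment and not KMail's code: a sketch of how the proposed states b-g could be derived by comparing key expiry and revocation times against the time of reception rather than only against the current time. The function name, its parameters, the red default for "g" and the handling of keys already expired or revoked at reception are assumptions; the dates are constructed.

```python
from datetime import datetime, timezone
from typing import Optional

# Default colours proposed in the comment; it names none for "g", so red is an assumption.
DEFAULT_COLOUR = {"b": "green", "c": "yellow", "d": "yellow",
                  "e": "green", "f": "orange", "g": "red"}

def classify(sig_ok: Optional[bool], ultimately_trusted: bool,
             received: datetime, now: datetime,
             key_expires: Optional[datetime] = None,
             key_revoked: Optional[datetime] = None) -> str:
    """Return the proposed state letter (b-g) for a signed message.

    sig_ok: True = signature verifies, False = it does not,
            None = it cannot be checked (for example, public key missing).
    """
    if sig_ok is None:
        return "d"
    if not sig_ok:
        return "g"
    # Assumption: a key already revoked or expired when the message arrived
    # is not covered by the listed states; it is reported as "g" here.
    if key_revoked is not None and key_revoked <= received:
        return "g"
    if key_expires is not None and key_expires <= received:
        return "g"
    # Valid at reception: revocation is checked before expiry because it is
    # the state the comment says must raise suspicion.
    if key_revoked is not None and key_revoked <= now:
        return "f"
    if key_expires is not None and key_expires <= now:
        return "e"
    return "b" if ultimately_trusted else "c"

def utc(year: int, month: int, day: int) -> datetime:
    return datetime(year, month, day, tzinfo=timezone.utc)

# Constructed sample dates, not taken from the bug report.
RECEIVED, NOW = utc(2012, 6, 1), utc(2013, 3, 8)

if __name__ == "__main__":
    for label, kwargs in [
        ("expired after reception", {"key_expires": utc(2013, 1, 1)}),
        ("revoked after reception", {"key_revoked": utc(2012, 12, 1)}),
        ("still valid", {"key_expires": utc(2014, 1, 1)}),
    ]:
        state = classify(True, True, RECEIVED, NOW, **kwargs)
        print(f"{label}: {state} ({DEFAULT_COLOUR[state]})")
```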