[kmail2] [Bug 291890] Kmail2 ignores signatures of inline PGP messages

Christian Boltz kde-bugs at cboltz.de
Fri Oct 4 11:03:19 BST 2013


https://bugs.kde.org/show_bug.cgi?id=291890

Christian Boltz <kde-bugs at cboltz.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |kde-bugs at cboltz.de

--- Comment #6 from Christian Boltz <kde-bugs at cboltz.de> ---
I listed some details in https://bugzilla.novell.com/show_bug.cgi?id=667717#c8

copy&paste from there:
----------
Your link was quite helpful - removing the "log-file" option solved the problem
and KMail displayed the inline-signed mails as signed.

But now to the interesting part - who added this line?

# tail ~/.gnupg/gpg.conf
###+++--- GPGConf ---+++###
utf8-strings
debug-level advanced
log-file socket:///home/cb/.gnupg/log-socket
###+++--- GPGConf ---+++### Fr 27 Sep 2013 17:51:54 CEST
# GPGConf edited this configuration file.
# It will disable options before this marked block, but it will
# never change anything below these lines.

Note that the mentioned time is very close to comment #6.
What did I do before writing the comment? Well, I checked what the GnuPG Log
watch (binary "watchgnupg", "GnuPG-Protokollanzeige" in german KMail) tells me
about an inline-signed mail.

And indeed, after starting GnuPG log watch again, I have a fresh "log-file
socket://..." line in gpg.conf - and KMail no longer displays the mail as
signed.

So basically this bug consists of 3 bugs:
a) kwatchgnupg changes the gpg.conf in a way that breaks KMail
   (by adding the lines quoted above)
b) kwatchgnupg does not undo its change at exit, which means the then 
   dead socket stays in gpg.conf
c) KMail does not display any notice about the failed gpg call - it should
   display a yellow border and tell me that it couldn't check the signature)

For c), see also [1] from comment 7:
    "If the output from STDERR cannot be parsed due to an error in gpg, 
    kmail internally does not set the flag that the mail was signed at all"

BTW: I wasn't aware that some KMail developers listened to my "1001 bugs - or:
the golden rules of bad programming" talk at oSC11 or LinuxTag 2012. Rule 21
said:
    Users hate error messages
    Conclusion: never print an error message. Fail silently instead
;-))
----------

To make it clear: The reproducer is to start kwatchgnupg which adds the
"log-file socket:///home/cb/.gnupg/log-socket" line to ~/.gnupg/gpg.conf

-- 
You are receiving this mail because:
You are the assignee for the bug.



More information about the Kdepim-bugs mailing list