[kmail2] [Bug 373314] New: Verify GPG key emails when signing an email

William L. Thomson Jr. bugzilla_noreply at kde.org
Mon Dec 5 21:01:16 GMT 2016


            Bug ID: 373314
           Summary: Verify GPG key emails when signing an email
           Product: kmail2
           Version: unspecified
          Platform: Other
                OS: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: NOR
         Component: composer
          Assignee: kdepim-bugs at kde.org
          Reporter: wlt-ml at o-sinc.com
  Target Milestone: ---

Not sure if this is a kmail bug or other. I think it is something Kmail can
address. Since the from field in the composer ng is editable. You can spoof
someone elses email address really easily. I accidentally did that, and Kmail
allowed me to sign an email. Despite the from address in the email not being
one of the email address in my GPG key.

Seems Kmail should only sign an email with a GPG Key that contains the From
address in the email.

You are receiving this mail because:
You are the assignee for the bug.

More information about the Kdepim-bugs mailing list