Message signing popups....

[René J.V. Bertin]

On Thursday May 28 2020 08:43:28 strato_test wrote:

>So why waste the resources on it?  Why is kmail nudging me with a feature as 
>useless and wasteful as this?  It's great that kmail supports encryption, but 
>for everyone you didn't exchange keys with personally, you can better turn it 
>off.

You can ask the same thing about tons of tiny translation files for just about any known language, 99.99% of which no one speaks (of course the subset is different for each of us). Distro maintainers set up packages for the largest common denominator, and evidently attach great importance to details related to security.  In short, even if it's possible to build PIM without support for encryption or signing they are unlikely to do that. Idem for the case when this feature is provided through optional components detected at runtime; they will probably consider them too important to ship them as an optional package.

Maybe Settings|Security|S/MIME Validation has some control over this, in particular the "validate certificates using CRLs" vs. "online (OCSP)" as well as "do not check policies".

> If you're using Debian or a derivative by chance, there is a gpgsm (GPG for
> S/ MIME) bug related to it not importing system certificates. Unless the
> distro provides the specific integration, gpgsm has no certificate
> authorities to go off of by default.

There must be a fix or update for that which you could install yourself? FWIW, you should be able to install an up-to-date gpg version in a parallel prefix where it won't bit the system version, but configure it to use the same certificate stores etc. as the system does. I've done something similar with OpenSSL, using LD_LIBRARY_PATH and/or LD_PRELOAD to use my versions of select libraries. It's a bit of work, but since I do a lot of development in that parallel prefix anyway it takes me less time than upgrading my OS and figuring out how to set it to my hand again.

R.