Hi all,
below is a patch for balsa 2.0 against the balsa-2-0 cvs branch of Jan.
31st, 2004 with a security fix and some minor improvements for GPG
support:
* do not use expired, revoked, disabled or invalid keys for signing and/or
encryption. Note that a message being encrypted with a revoked key (maybe
because it has been cracked) may actually be readible by more people than
the indendet recipient;
* show the padlock icon in the message index also for messages with
encrypted and/or signed parts according to rfc 2440 (OpenPGP) as well as
for embedded rfc 3156 messages. As these messages don't have any
indication about gpg usage in their headers (they are usually text/plain
or multipart/mixed), the icon is shown only after the message has been
displayed. This might overwrite an attachment indicator, though (thanks
again to Andreas Schmidt for suggesting this useful extension);
* show more useful data about the signature in the signature field, and
sort it more logically (I hope ;-));
* replace the fingerprint field in a key selection dialog by the user id
which should be much more useful.
Unfortunately, this patch does *not* fix the problem that checking a
signature fails with the "no data" error (producing two dialog boxes) when
a public key is not in your key ring and auto-retreival from a keyserver
failed. The gpgme team acknowledged that this is a bug in gpgme and works
on a solution. Apparently, the bug does only occur with gpg 1.2.x, not
with the latest alpha versions (1.9.3). The latter one is really difficult
to setup, though. As an alternative, you could disable automatic key
retreival, which should turn gpgme operation back to normal.
Any comments?
Cheers,
Albrecht.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Albrecht Dreß - Johanna-Kirchner-Straße 13 - D-53123 Bonn (Germany)
Phone (+49) 228 6199571 - mailto:albrecht.dress@arcor.de
_________________________________________________________________________
balsa-rfc3156-patch-2004-01-31.gz