Re: Complaints about GPG Key

[Paweł Sałek <pawsa theochem kth se>]

On 12/10/2008 12:43:36 AM, Geoffrey Leach wrote:
> > > [cut]
> > > the key.  Basically, there is no good reason why you shouldn't add
> > > these keys to you local key ring; if you don't sign them, you don't
> >
> > > trust them, and consequently balsa will show you a yellow padlock.
> >
> > > However, it still can check the integrity of the message itself
> > (this
> > > is how the "web of trust" is supposed to work).
> > >
> > > - Right-click on the mailbox folder, select Properties, and say
> > > "never" for "Decrypt and check signatures automatically".  As to
> > > check a signature or to decrypt an encrypted message, you now have
> > to
> > > use the button in the headers box manually.  The message will pop
> > > only if you issue the check.
> >
> > Is there any way we can help the user with it? Can we provide the
> > information as above somehow? It feels that auto-key-retrieve should
> > be
> > default, can balsa make it easier for the user to set it as default.
> > Say, when balsa starts up, it could check for the presence of this
> > option, and if absent, display a dialog (that can be disabled with a
> > simple "don't show it again").
>
> Hmmmm ... How's about "Don't ask, don't retrieve" as the default. Or a
> (global) selection in Preferences/Status Messages?

That is a sane default. But is not "attempt verifying the message  
identity if it can be done transparently to the user" better?

Actually, I believe gpgme library should provide  an interface to perform  
the action "try verifying, if the key is missing, fetch it"... It could  
alternatively provide two actions "verify", and "fetch key" so that balsa  
can do if(verify failed due to missing key) { fetch key; verify; }

Pawel