Re: Complaints about GPG Key

Am 09.12.08 22:36 schrieb(en) Pawel Salek:
- Add the statement "keyserver-options auto-key-retrieve" to your ~/.gnupg/gpg.conf file. Gpg will then automagically try to retrieve the key. Basically, there is no good reason why you shouldn't add these keys to you local key ring; if you don't sign them, you don't trust them, and consequently balsa will show you a yellow padlock. However, it still can check the integrity of the message itself (this is how the "web of trust" is supposed to work).

- Right-click on the mailbox folder, select Properties, and say "never" for "Decrypt and check signatures automatically". As to check a signature or to decrypt an encrypted message, you now have to use the button in the headers box manually. The message will pop only if you issue the check.

Is there any way we can help the user with it? Can we provide the information as above somehow?

The description of the latter (mailbox options) should go into the Balsa help file.

It feels that auto-key-retrieve should be default, can balsa make it easier for the user to set it as default. Say, when balsa starts up, it could check for the presence of this option, and if absent, display a dialog (that can be disabled with a simple "don't show it again").

Balsa uses GnuPG and GpgSM (through gpgme) only as crypto backends. Other completely different crypto backends (though unusual) are possible. The Gpg config itself may be in different files (new style gpg.conf vs. old style options), and the folder for them is user-configurable. Thus, it would be difficult for Balsa to properly detect and tweak the option. Furthermore, I strongly dislike applications which change my hand-crafted configs (as e.g. seahorse does). This is something in the scope of gnupg packagers for your disto, not for Balsa.

Just my € 0.01...

Cheers, Albrecht.

Attachment: pgpGBKl9khE9d.pgp
Description: PGP signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]