[seahorse-nautilus] Warn when signatures are valid but untrusted

[Stefan Walter <stefw src gnome org>]

commit d440ec13198fb75f75996709bde32e4121ff8c9e
Author: Jérémy Bobbio <lunar debian org>
Date:   Mon Sep 23 16:23:00 2013 +0000

    Warn when signatures are valid but untrusted
    
    When verifying a signature seahorse-tool currently behave just the same if the
    signing key is trusted or not. Given that the only the uid of the key is given
    in the notification, this opens the door to some attacks.
    
    Display two different messages depending on the validity
    level of the signing key.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=708640

 tool/seahorse-notification.c |    9 +++++++--
 1 files changed, 7 insertions(+), 2 deletions(-)
---
diff --git a/tool/seahorse-notification.c b/tool/seahorse-notification.c
index 6fcc1b6..a9f0bfb 100644
--- a/tool/seahorse-notification.c
+++ b/tool/seahorse-notification.c
@@ -624,8 +624,13 @@ seahorse_notify_signatures (const gchar* data, gpgme_verify_result_t status)
         break;
     case GPG_ERR_NO_ERROR:
        /* TRANSLATORS: <key id='xxx'> is a custom markup tag, do not translate. */
-        body = _("Signed by <i><key id='%s'/></i> on %s.");
-        title = _("Good Signature");
+        if (status->signatures->validity >= GPGME_VALIDITY_FULL) {
+            title = _("Good Signature");
+            body = _("Signed by <i><key id='%s'/></i> on %s.");
+        } else {
+            title = _("Untrusted Valid Signature");
+            body = _("Valid but <b>untrusted</b> signature by <i><key id='%s'/></i> on %s.");
+        }
         icon = ICON_PREFIX "seahorse-sign-ok.png";
         sig = TRUE;
         break;