Re: [Evolution] Ximian Seal of Approval



While I agree that it would be nice, it's just not possible to do
because PGP doesn't tell us much in it's return code (it tells us "yes,
it's valid" or "no, it's not valid"). The text you see below the first
line is all from PGP's stderr and we can't parse that because we don't
even know what language it's in, and even if we did it'd still be nearly
impossible to parse.

Jeff

On Thu, 2001-09-27 at 16:16, Terry Browning wrote:
I've been looking at the neat Seal of Approval logo for good sigs and I
like it :)
Just two points:

    1 It would be nice to have the logo at the top of the email, so that
    it's immediately visible on long emails and readers see immediately
    when they can't trust a message
    
    2 The mail I'm looking at (a Linux Mandrake Security Announcement
    from vdanen mandrakesoft com) claims:
    "This message is digitally signed and has been found to be
    authentic"
    and
    "gpg: There is no indication that the signature belongs to the
    owner."
    I know that I should take the identity of the signer with a pinch of
    salt and treat the mail as no better than unsigned, but a naive user
    would look at the first line of text alongside the intact seal and
    think that the signature must be genuine.
    Could the message (1) be changed to something like
    "This message is digitally signed, but the identity of the signer is
    uncertain.",
    maybe with the seal logo cracked in two (to distinguish it from a
    smashed seal for an invalid signature)? Alternately, the seal could
    be just a dribble or blob of wax without the Ximian logo to indicate
    an incomplete seal.

--
Terry






[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]