Re: [Evolution] Misleading PGP/GPG signature message

From: Not Zed <notzed ximian com>
To: Sandip Bhattacharya <sandip lug-delhi org>
Cc: Evolution Users Mailing List <evolution lists ximian com>
Subject: Re: [Evolution] Misleading PGP/GPG signature message
Date: Thu, 27 Jan 2005 13:38:50 +0800

On Thu, 2005-01-27 at 08:50 +0530, Sandip Bhattacharya wrote:

On Thu, 2005-01-27 at 10:30 +0800, Not Zed wrote:
> 
> I dont think its important.  There are really only 2 states.
> Good/trusted, or not.  You can click on the icon for more details, but
> the only important info for normal use is whether it is trusted or
> not.

I feel the two states are: 
 1. Have key in keyring: This has three sub states:
   a. Good & the key is trusted
   b. Good but the key is *not* trusted (e.g. security updates where you
might not have a chain of trust to the signer)
   c. Bad 
 2. Unverifiable

Evo currently mentions 1a and 1b, but mixes up 1c and 2. It takes user
intervention (by clicking on the tab) to find out which one is which.

It is important to distinguish between 1c and 2, because you often get
signed messages from people whom you might have missed adding to your
keyring. And you would like to be sure that you know either their
message has been modified in transit or that you need to import their
keys. e.g. when somebody changes their keys.

You're still going to have to look at the details window.

References:
- [Evolution] Misleading PGP/GPG signature message
  - From: Sandip Bhattacharya
- Re: [Evolution] Misleading PGP/GPG signature message
  - From: Not Zed
- Re: [Evolution] Misleading PGP/GPG signature message
  - From: Sandip Bhattacharya

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]