* Do users need to set `mml-secure-signer-names' (etc) now?
@ 2020-04-28 15:59 Karl Fogel
2020-04-28 16:12 ` Eli Zaretskii
2020-04-29 12:38 ` Robert Pluim
0 siblings, 2 replies; 4+ messages in thread
From: Karl Fogel @ 2020-04-28 15:59 UTC (permalink / raw)
To: Emacs Devel
For a while now, sending GPG-signed emails from message mode (just signed, not encrypted) has been failing for me with an error from `mml-secure-epg-sign':
"Couldn't find any signer names."
This is a regression -- in the past, message mode would correctly figure out the signer identity from the message's sender.
(Note that an older version of that error message suggested setting `mml-secure-smime-sign-with-sender'. Because I encountered the error when `mml-secure-smime-sign-with-sender' was set to non-nil, I improved the error message in commit 06cb8350c69 on 4 Nov 2019: now it only makes that suggestion if the variable is nil. However, even with that variable set, the problem still occurrs for me, and I said I would debug further -- see [1] for more context.)
I've now debugged enough to reach a question:
Is it intended that users should set at least one of `mml-secure-signer-names' or `mml-secure-openpgp-sign-with-sender' in order for message-signing to work?
I would hope not, because using the message sender as the signing party seems like a reasonable default behavior. Anyway, I can't proceed further without knowing the intended behavior -- I don't yet know if I'm looking at a bug or if it's simply that user-configuration requirements changed and I didn't get the memo.
Here is what led me to this question:
In lisp/gnus/mml-sec.el, `mml-secure-signer-names' returns nil if `mml-secure-openpgp-signers' is not set *and* `mml-secure-openpgp-sign-with-sender' is not set. (This is all in the `OpenPGP' protocol case; I'm not concerned with the non-OpenPGP case right now.) Naturally, `mml-secure-epg-sign' fails with the above error when `mml-secure-signer-names' returns nil.
So if I set `mml-secure-openpgp-sign-with-sender', then I can send signed messages again (that variable was nil by default for me). I have never set `mml-secure-openpgp-signers' in my .emacs, and neither it nor `mml-secure-smime-sign-with-sender' are mentioned in any NEWS file. However, `mml-secure-openpgp-sign-with-sender' is mentioned in NEWS.27:
> *** 'mml-secure-openpgp-sign-with-sender' sets also "gpg --sender".
> When 'mml-secure-openpgp-sign-with-sender' is non-nil, message sender's
> email address (in addition to its old behavior) will also be used to
> set gpg's "--sender email@domain" option.
>
> The option is useful for two reasons when verifying the signature:
>
> 1. GnuPG's TOFU statistics are updated for the specific user id
> (email) only. See gpg(1) man page about "--sender".
>
> 2. GnuPG's "--auto-key-retrieve" functionality can use WKD (web key
> directory) method for finding the signer's key. You need GnuPG
> 2.2.17 to fully benefit from this feature. See gpg(1) man page for
> "--auto-key-retrieve".
I don't fully understand that NEWS entry, but the "(in addition to its old behavior)" implies to me that defaulting-to-sender-as-signer was perhaps never intended to break? I can't tell for sure, because I'm not sure what the old behavior was. The only other mention of that variable in a NEWS entry is this, chronologically earlier (lower down) in NEWS.27:
> ---
> *** 'epg-context' structure supports now 'sender' slot.
> The value of the new 'sender' slot (if a string) is used to set gpg's
> "--sender" option. This feature is used by
> 'mml-secure-openpgp-sign-with-sender'. See gpg(1) manual page about
> "--sender" for more information.
So do we intend that users should set at least one of `mml-secure-signer-names' or `mml-secure-openpgp-sign-with-sender' in order to get use-sender-as-signer behavior? Or should Emacs just derive the signer from the sender automagically (as I believe it used to)?
This is all with recent `master'. I haven't tested with the Emacs 27 branch yet.
Best regards,
-Karl
[1] See these two posts:
From: Karl Fogel
To: Emacs Devel
Subject: [PATCH] Improve signer name error in `mml-secure-epg-sign'.
Date: Mon, 04 Nov 2019 14:38:00 -0600
Message-ID: <87tv7j74yf.fsf@red-bean.com>
From: Karl Fogel
To: Emacs Devel
Subject: Re: [PATCH] Improve signer name error in `mml-secure-epg-sign'.
Date: Sat, 09 Nov 2019 15:38:55 -0500
Message-ID: <87d0e0kco0.fsf@red-bean.com>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Do users need to set `mml-secure-signer-names' (etc) now?
2020-04-28 15:59 Do users need to set `mml-secure-signer-names' (etc) now? Karl Fogel
@ 2020-04-28 16:12 ` Eli Zaretskii
2020-04-28 18:08 ` Karl Fogel
2020-04-29 12:38 ` Robert Pluim
1 sibling, 1 reply; 4+ messages in thread
From: Eli Zaretskii @ 2020-04-28 16:12 UTC (permalink / raw)
To: Karl Fogel; +Cc: emacs-devel
> From: Karl Fogel <kfogel@red-bean.com>
> Date: Tue, 28 Apr 2020 10:59:18 -0500
>
> For a while now, sending GPG-signed emails from message mode (just signed, not encrypted) has been failing for me with an error from `mml-secure-epg-sign':
>
> "Couldn't find any signer names."
>
> This is a regression -- in the past, message mode would correctly figure out the signer identity from the message's sender.
Isn't this bug#40118?
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Do users need to set `mml-secure-signer-names' (etc) now?
2020-04-28 16:12 ` Eli Zaretskii
@ 2020-04-28 18:08 ` Karl Fogel
0 siblings, 0 replies; 4+ messages in thread
From: Karl Fogel @ 2020-04-28 18:08 UTC (permalink / raw)
To: Eli Zaretskii; +Cc: emacs-devel
On 28 Apr 2020, Eli Zaretskii wrote:
>> From: Karl Fogel <kfogel@red-bean.com>
>> Date: Tue, 28 Apr 2020 10:59:18 -0500
>>
>> For a while now, sending GPG-signed emails from message mode (just signed, not encrypted) has been failing for me with an error from `mml-secure-epg-sign':
>>
>> "Couldn't find any signer names."
>>
>> This is a regression -- in the past, message mode would correctly figure out the signer identity from the message's sender.
>
>Isn't this bug#40118?
Thank you, Eli! I didn't think to search in the tracker this time around; I should have.
The conversation there is what I should track, so I'll start doing so now.
Best regards,
-Karl
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Do users need to set `mml-secure-signer-names' (etc) now?
2020-04-28 15:59 Do users need to set `mml-secure-signer-names' (etc) now? Karl Fogel
2020-04-28 16:12 ` Eli Zaretskii
@ 2020-04-29 12:38 ` Robert Pluim
1 sibling, 0 replies; 4+ messages in thread
From: Robert Pluim @ 2020-04-29 12:38 UTC (permalink / raw)
To: Karl Fogel; +Cc: Emacs Devel
>>>>> On Tue, 28 Apr 2020 10:59:18 -0500, Karl Fogel <kfogel@red-bean.com> said:
Karl> For a while now, sending GPG-signed emails from message mode (just
Karl> signed, not encrypted) has been failing for me with an error from
Karl> `mml-secure-epg-sign':
Karl> "Couldn't find any signer names."
Karl> This is a regression -- in the past, message mode would
Karl> correctly figure out the signer identity from the message's
Karl> sender.
No, it wouldnʼt, it just looked like it did. But see bug#40118, as Eli
pointed out. That should answer (most of) your other questions.
Robert
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-04-29 12:38 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-04-28 15:59 Do users need to set `mml-secure-signer-names' (etc) now? Karl Fogel
2020-04-28 16:12 ` Eli Zaretskii
2020-04-28 18:08 ` Karl Fogel
2020-04-29 12:38 ` Robert Pluim
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).