From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!.POSTED!not-for-mail
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Newsgroups: gmane.emacs.bugs
Subject: bug#17338: bug#17391: Bug#745553: emacs24-el: mml2015-always-trust
	should default to nil, not t
Date: Thu, 26 Jan 2017 18:13:50 -0500
Message-ID: <87k29h2z4h.fsf@alice.fifthhorseman.net>
References: <20140422190613.18043.21415.reportbug@alice.fifthhorseman.net>
	<877g6eilsp.fsf@trouble.defaultvalue.org>
	<53640041.7070703@fifthhorseman.net> <87k29jvyzc.fsf@gnus.org>
	<87a8aehpf8.fsf@informationelle-selbstbestimmung-im-internet.de>
	<87a8aenaqe.fsf@alice.fifthhorseman.net>
	<87a8add5ye.fsf@informationelle-selbstbestimmung-im-internet.de>
NNTP-Posting-Host: blaine.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Trace: blaine.gmane.org 1485472843 25278 195.159.176.226 (26 Jan 2017 23:20:43 GMT)
X-Complaints-To: usenet@blaine.gmane.org
NNTP-Posting-Date: Thu, 26 Jan 2017 23:20:43 +0000 (UTC)
Cc: 745553@bugs.debian.org, 17338@debbugs.gnu.org,
	Justus Winter <justus@g10code.com>, 745553-forwarded@bugs.debian.org,
	Lars Ingebrigtsen <larsi@gnus.org>, Daiki Ueno <ueno@gnu.org>,
	17391@debbugs.gnu.org, rlb@defaultvalue.org,
	"Neal H. Walfield" <neal@walfield.org>
To: Jens Lechtenboerger <jens.lechtenboerger@fsfe.org>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Fri Jan 27 00:20:38 2017
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by blaine.gmane.org with esmtp (Exim 4.84_2)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1cWtKz-0004bY-NU
	for geb-bug-gnu-emacs@m.gmane.org; Fri, 27 Jan 2017 00:20:17 +0100
Original-Received: from localhost ([::1]:41969 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1cWtL4-0004iM-S5
	for geb-bug-gnu-emacs@m.gmane.org; Thu, 26 Jan 2017 18:20:22 -0500
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:44564)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1cWtKp-0004cA-Hl
	for bug-gnu-emacs@gnu.org; Thu, 26 Jan 2017 18:20:12 -0500
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1cWtKl-0004Tl-Ca
	for bug-gnu-emacs@gnu.org; Thu, 26 Jan 2017 18:20:07 -0500
Original-Received: from debbugs.gnu.org ([208.118.235.43]:48429)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1cWtKl-0004TX-93
	for bug-gnu-emacs@gnu.org; Thu, 26 Jan 2017 18:20:03 -0500
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1cWtKl-00053p-4E; Thu, 26 Jan 2017 18:20:03 -0500
X-Loop: help-debbugs@gnu.org
Resent-From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org, bugs@gnus.org
Resent-Date: Thu, 26 Jan 2017 23:20:03 +0000
Resent-Message-ID: <handler.17338.B17338.148547277619365@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 17338
X-GNU-PR-Package: emacs,gnus
X-GNU-PR-Keywords: 
Original-Received: via spool by 17338-submit@debbugs.gnu.org id=B17338.148547277619365
	(code B ref 17338); Thu, 26 Jan 2017 23:20:03 +0000
Original-Received: (at 17338) by debbugs.gnu.org; 26 Jan 2017 23:19:36 +0000
Original-Received: from localhost ([127.0.0.1]:46614 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1cWtKK-00052H-GH
	for submit@debbugs.gnu.org; Thu, 26 Jan 2017 18:19:36 -0500
Original-Received: from che.mayfirst.org ([162.247.75.118]:52770)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <dkg@fifthhorseman.net>)
	id 1cWtKF-00051X-8T; Thu, 26 Jan 2017 18:19:31 -0500
Original-Received: from fifthhorseman.net (unknown [38.109.115.130])
	by che.mayfirst.org (Postfix) with ESMTPSA id A0CE7F98C;
	Thu, 26 Jan 2017 18:19:29 -0500 (EST)
Original-Received: by fifthhorseman.net (Postfix, from userid 1000)
	id 5BF8620407; Thu, 26 Jan 2017 18:13:50 -0500 (EST)
In-Reply-To: <87a8add5ye.fsf@informationelle-selbstbestimmung-im-internet.de>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 208.118.235.43
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
	the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-gnu-emacs/>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Original-Sender: "bug-gnu-emacs"
	<bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Xref: news.gmane.org gmane.emacs.bugs:128630
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/128630>

On Thu 2017-01-26 13:36:09 -0500, Jens Lechtenboerger wrote:
> On 2017-01-25, at 15:30, Daniel Kahn Gillmor wrote:
>> On Wed 2017-01-25 15:09:47 -0500, Jens Lechtenboerger wrote:
>>> mml2015-always-trust is replaced by mml-secure-openpgp-always-trust
>>> nowadays.  I certainly wouldn’t object if the default value was
>>> changed, but lots of long-term users might be surprised.
>>
>> It's also possible that lots of long-term users might be surprised to
>> find that refreshing one key in their keyring is likely to cause a
>> change in behavior for the use of other keys in their keyring.  this is
>> a silent surprise, which seems worse than a public surprise.
>
> Sorry, I don’t understand this.  What change in one key is causing
> silent changes for other keys?

Without the notification that multiple keys are available, Bob can add
Carol's User ID to his cert ; depending on where the certs are
positioned linearly in Alice's keyring, mail to Carol might be encrypted
to Bob's key, or to Alice's key.

I think this is mitigated at least in part by prompting the user when
there are multiple keys available, though.

> That’s customized in mml-secure-key-preferences.  So, the usual
> customize interface is available.  And there is some code to detect
> and remove unusable customizations.

When was this introduced?  i don't see it, but then i'm still using
emacs24.  Do i need to upgrade?

>> Modern versions of GnuPG also provide a "tofu" mechanism to store and
>> track that kind of decision in.  Neal Walfield (also cc'ed here) put in
>> a lot of that implementation, so he might have some suggestions for the
>> best way to handle it.
>
> If Emacs was relying on GnuPG’s decisions, nothing special would be
> necessary for tofu, right?  (Users could activate that in their
> gpg.conf.)

Neal can answer this better than i can.  I think the TOFU mode works
best when there's a bit of UI integration -- emacs would provide the way
for the user to answer a question prompted by gpg, and then gpg is
responsible for storing/tracking all the info.

            --dkg