From: Tomas Nordin <tomasn@posteo.net>
To: Philip Hands <phil@hands.com>, notmuch@notmuchmail.org
Subject: Re: Ultimate trust
Date: Sun, 22 Mar 2020 23:21:36 +0100 [thread overview]
Message-ID: <87mu88kp3j.fsf@fliptop.i-did-not-set--mail-host-address--so-tickle-me> (raw)
In-Reply-To: <87d094ciaw.fsf@hands.com>
Philip Hands <phil@hands.com> writes:
> Tomas Nordin <tomasn@posteo.net> writes:
>
>> Teemu Likonen <tlikonen@iki.fi> writes:
> ...
>>> I do this: I press "Yes" (to trust "ultimately") but then immediately go
>>> edit ~/.gnupg/trustlist.txt file and put "!" mark in the beginning of
>>> that certificate authority's key fingerprint. It marks that key
>>> untrusted (because I really don't know). Then: "gpgconf --reload
>>> gpg-agent".
>>
>> OK, thanks. That already feels better, knowing I can revert this trust
>> easily like that. And some better understanding for whats going on.
>
> That seems like a UI bug to me -- I'd have thought that there should be
> a "No" button so that you can stop it repeatedly asking (presumably by
> automatically doing the same as the above manual procedure).
I agree there should be a "No" button doing the same thing as this
manual procedure. Especially if the performance penalty is removed that
way (like when answering yes), which I didn't test yet. (Before
answering yes in the cases I refer to there was a significant hang in
Emacs before the prompt show up)
>
> Would anyone happen to know where that should be reported?
>
> I have a feeling that I'd want to default that to answering "No", and
> never see the prompt.
>
> The number of people I'm willing to declare ultimate trust in is quite
> limited, and even for those, I'm not going to do it via some unfamiliar
> bit of UI that springs up unexpectedly. This strikes me as mildly
> deranged, and appears to be trying to train users to do the wrong thing.
From Teemu's explaination I understood the trust is not really about the
sender but the "authority" which is certifying the senders key
(GlobalSign in this case). And in my example the message is from some
organisation connected to my work where I am guessing it is the IT
department who has decided to set this up.
While I am asked a question I cannot possibly answer I think it is
better to ask (making clear something is going on) then just do
something without my knowledge which I think is common with main stream
mail agents. But it would be better as you say to be able to say "No"
and also be given a hint about the file where this is recorded.
PS: Besides that record in the trustlist.txt file I still don't
understand what the possible side effect is. Other than removal of
the delay.
--
Tomas
next prev parent reply other threads:[~2020-03-22 22:21 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-21 14:37 Ultimate trust Tomas Nordin
2020-03-21 15:43 ` Teemu Likonen
2020-03-22 14:30 ` Tomas Nordin
2020-03-22 19:15 ` Philip Hands
2020-03-22 22:21 ` Tomas Nordin [this message]
2020-03-23 1:20 ` David Bremner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://notmuchmail.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87mu88kp3j.fsf@fliptop.i-did-not-set--mail-host-address--so-tickle-me \
--to=tomasn@posteo.net \
--cc=notmuch@notmuchmail.org \
--cc=phil@hands.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://yhetil.org/notmuch.git/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).