* Re: Bug#755544: notmuch-emacs: doesn't check gpg/pgp signatures by default
From: David Bremner @ 2014-07-21 23:16 UTC (permalink / raw)
To: Vagrant Cascadian, 755544; +Cc: notmuch
Vagrant Cascadian <vagrant@debian.org> writes:
> Package: notmuch-emacs
> Version: 0.18.1-1
> Severity: important
>
> Thanks for notmuch-emacs, it's great!
>
> I did notice that it doesn't appear to check whether gpg/pgp signatures are
> valid by default.
>
> When I created a signed message to myself, made a copy of it, and then manually
> edited the text within without changing the signature...
>
> But notmuch-emacs doesn't distinguish between the valid signature:
>
> Subject: valid gpg sig
> To: vagrant@localhost
> Date: Mon, 21 Jul 2014 15:03:45 -0700
>
> [ multipart/signed ]
> [ text/plain ]
> this should be a VALID gpg signature.
> [ signature.asc: application/pgp-signature ]
>
> And the edited text, with an invalid signature:
>
> Subject: invalid gpg sig
> To: vagrant@localhost
> Date: Mon, 21 Jul 2014 15:03:45 -0700
>
> [ multipart/signed ]
> [ text/plain ]
> this should be an INVALID gpg signature.
> [ signature.asc: application/pgp-signature ]
Hi Vagrant;
Thanks for the bug report. It seems that most of the developers
have customized the emacs variable
notmuch-crypto-process-mime to t.
For the moment I suggest that as a workaround, and we'll see about
fixing the UI bug upstream.
notmuch folks: it seems that in vagrant's message, and several others I
checked, if notmuch-crypto-process-mime==nil, then no signature button
is created at all.
* Re: Bug#755544: notmuch-emacs: doesn't check gpg/pgp signatures by default
From: Jameson Graef Rollins @ 2014-07-22 1:03 UTC (permalink / raw)
To: David Bremner, Vagrant Cascadian, 755544; +Cc: notmuch
On Mon, Jul 21 2014, David Bremner <david@tethera.net> wrote:
> notmuch folks: it seems that in vagrant's message, and several others I
> checked, if notmuch-crypto-process-mime==nil, then no signature button
> is created at all.
Yes, this is true. The signature button is pretty meaningless if we're
not processing the signature.
Maybe instead by default we could have a signature button that opens up
a notmuch-crypto-process-mime customization buffer?
jamie.
* Re: Bug#755544: notmuch-emacs: doesn't check gpg/pgp signatures by default
From: Daniel Kahn Gillmor @ 2014-07-22 4:30 UTC (permalink / raw)
To: Jameson Graef Rollins, David Bremner, Vagrant Cascadian, 755544; +Cc: notmuch
On 07/21/2014 09:03 PM, Jameson Graef Rollins wrote:
> On Mon, Jul 21 2014, David Bremner <david@tethera.net> wrote:
>> notmuch folks: it seems that in vagrant's message, and several others I
>> checked, if notmuch-crypto-process-mime==nil, then no signature button
>> is created at all.
>
> Yes, this is true. The signature button is pretty meaningless if we're
> not processing the signature.
>
> Maybe instead by default we could have a signature button that opens up
> a notmuch-crypto-process-mime customization buffer?
Or the button could just re-load the current view while processing the
signature, and send "you can customize notmuch-crypto-process-mime to do
this automatically in the future" to *Messages*.
--dkg
* Re: Bug#755544: notmuch-emacs: doesn't check gpg/pgp signatures by default
From: Daniel Kahn Gillmor @ 2014-07-22 4:39 UTC (permalink / raw)
To: Jameson Graef Rollins, David Bremner, Vagrant Cascadian, 755544; +Cc: notmuch
On 07/22/2014 12:30 AM, Daniel Kahn Gillmor wrote:
> On 07/21/2014 09:03 PM, Jameson Graef Rollins wrote:
>> On Mon, Jul 21 2014, David Bremner <david@tethera.net> wrote:
>>> notmuch folks: it seems that in vagrant's message, and several others I
>>> checked, if notmuch-crypto-process-mime==nil, then no signature button
>>> is created at all.
>>
>> Yes, this is true. The signature button is pretty meaningless if we're
>> not processing the signature.
>>
>> Maybe instead by default we could have a signature button that opens up
>> a notmuch-crypto-process-mime customization buffer?
>
> Or the button could just re-load the current view while processing the
> signature, and send "you can customize notmuch-crypto-process-mime to do
> this automatically in the future" to *Messages*.
Oh, and it seems like in the case where no verification or PGP/MIME
processing was done, we need to make it a *lot* clearer to the user that
no signature verification was done.
--dkg
* Re: Bug#755544: notmuch-emacs: doesn't check gpg/pgp signatures by default
From: David Bremner @ 2014-07-22 9:44 UTC (permalink / raw)
To: Jameson Graef Rollins, Vagrant Cascadian, 755544; +Cc: notmuch
Jameson Graef Rollins <jrollins@finestructure.net> writes:
> On Mon, Jul 21 2014, David Bremner <david@tethera.net> wrote:
>> notmuch folks: it seems that in vagrant's message, and several others I
>> checked, if notmuch-crypto-process-mime==nil, then no signature button
>> is created at all.
>
> Yes, this is true. The signature button is pretty meaningless if we're
> not processing the signature.
>
> Maybe instead by default we could have a signature button that opens up
> a notmuch-crypto-process-mime customization buffer?
>
> jamie.
looking at the source, there is supposed to be some button:
,----
| (defun notmuch-show-insert-part-multipart/signed (msg part content-type nth depth button)
|   (button-put button 'face 'notmuch-crypto-part-header)
|   ;; add signature status button if sigstatus provided
|   (if (plist-member part :sigstatus)
|       (let* ((from (notmuch-show-get-header :From msg))
|              (sigstatus (car (plist-get part :sigstatus))))
|         (notmuch-crypto-insert-sigstatus-button sigstatus from))
|     ;; if we're not adding sigstatus, tell the user how they can get it
|     (button-put button 'help-echo "Set notmuch-crypto-process-mime to process cryptographic MIME parts."))
`----
* Re: Bug#755544: notmuch-emacs: doesn't check gpg/pgp signatures by default
From: David Edmondson @ 2016-02-08 17:46 UTC (permalink / raw)
To: David Bremner, Jameson Graef Rollins, Vagrant Cascadian, 755544; +Cc: notmuch
On Tue, Jul 22 2014, David Bremner wrote:
> Jameson Graef Rollins <jrollins@finestructure.net> writes:
>
>> On Mon, Jul 21 2014, David Bremner <david@tethera.net> wrote:
>>> notmuch folks: it seems that in vagrant's message, and several others I
>>> checked, if notmuch-crypto-process-mime==nil, then no signature button
>>> is created at all.
>>
>> Yes, this is true. The signature button is pretty meaningless if we're
>> not processing the signature.
>>
>> Maybe instead by default we could have a signature button that opens up
>> a notmuch-crypto-process-mime customization buffer?
>>
>> jamie.
>
> looking at the source, there is supposed to be some button:
There is a button for the part (the one that says "[multipart/signed]")
and the help text is associated with that. There is no button
specifically for the signature (because no processing of the signature
took place).
It wouldn't be complicated to add a button in the case where no checking
was done. Pressing the button could (as suggested) offer up
customisation of the variable (or just open the help).
I wonder if I could make the button be "[Danger Will Robinson!!!]" in
flashing red and yellow text...
> ,----
> | (defun notmuch-show-insert-part-multipart/signed (msg part content-type nth depth button)
> |   (button-put button 'face 'notmuch-crypto-part-header)
> |   ;; add signature status button if sigstatus provided
> |   (if (plist-member part :sigstatus)
> |       (let* ((from (notmuch-show-get-header :From msg))
> |              (sigstatus (car (plist-get part :sigstatus))))
> |         (notmuch-crypto-insert-sigstatus-button sigstatus from))
> |     ;; if we're not adding sigstatus, tell the user how they can get it
> |     (button-put button 'help-echo "Set notmuch-crypto-process-mime to process cryptographic MIME parts."))
> `----
* Re: Bug#755544: notmuch-emacs: doesn't check gpg/pgp signatures by default
From: David Bremner @ 2017-07-16 12:45 UTC (permalink / raw)
To: Vagrant Cascadian, 755544; +Cc: notmuch
David Bremner <david@tethera.net> writes:
> Vagrant Cascadian <vagrant@debian.org> writes:
>
>> Package: notmuch-emacs
>> Version: 0.18.1-1
>> Severity: important
>>
>> Thanks for notmuch-emacs, it's great!
this bug is fixed in master / release
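
An added example, not part of the thread and not notmuch's code: one way to give the unchecked case its own button, as suggested in the replies above, so that a missing `:sigstatus` is never displayed like a verified signature. The `my/` function names, the sample part plists and the "good"/"bad" values of `:status` are assumptions made for illustration.

```emacs-lisp
;;; -*- lexical-binding: t -*-
;; Added illustration, not notmuch's code.  The `my/' names and the sample
;; plists are hypothetical; the :status values are an assumption about the
;; shape of the entries in :sigstatus.
(require 'button)

(defun my/signed-part-state (part)
  "Classify multipart/signed PART as `unchecked', `good', `bad' or `error'."
  (if (not (plist-member part :sigstatus))
      'unchecked                  ; crypto processing was off: nothing was verified
    (let ((status (plist-get (car (plist-get part :sigstatus)) :status)))
      (cond ((equal status "good") 'good)
            ((equal status "bad") 'bad)
            (t 'error)))))        ; empty list or unknown status: fail closed

(defun my/insert-signed-part-button (part from)
  "Insert a status button for PART, claimed sender FROM.
The unchecked case gets its own warning button instead of no button."
  (pcase (my/signed-part-state part)
    ('unchecked
     (insert-text-button
      "[ Signature NOT verified: crypto processing is off ]"
      'face 'warning
      'help-echo "Customize notmuch-crypto-process-mime"
      'action (lambda (_button)
                (customize-variable 'notmuch-crypto-process-mime))))
    ('good (insert-text-button (format "[ Good signature, sender %s ]" from)
                               'face 'success))
    ('bad (insert-text-button (format "[ BAD signature, sender %s ]" from)
                              'face 'error))
    (_ (insert-text-button "[ Signature could not be verified ]"
                           'face 'error)))
  (insert "\n"))

;; Constructed sample parts.  Without :sigstatus the valid and the edited
;; message from the report are indistinguishable, so both get the warning.
(with-temp-buffer
  (dolist (part '((:content-type "multipart/signed")
                  (:content-type "multipart/signed" :sigstatus ((:status "good")))
                  (:content-type "multipart/signed" :sigstatus ((:status "bad")))
                  (:content-type "multipart/signed" :sigstatus nil)))
    (my/insert-signed-part-button part "vagrant@localhost"))
  (message "%s" (buffer-string)))
```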