[Users] Signatures don't seem to work

mlist mlist at riseup.net
Sun Sep 1 10:36:39 CEST 2019


On Sat, 31 Aug 2019 22:14:16 -0000 Paul wrote:

> If you were serious about protecting your privacy
> like that (tor, etc), then you would not set
> auto-key-retrieve in your gpg.conf.

Serious people also make mistakes and may forget
things (or may not be completely aware of them).
That's why other serious people (who understand that)
would warn the first people, so that even if they
forget they can correct themselves.

If Claws pretends to be 'offline' and still allows
initiation of connections indirectly (through GPG or
otherwise) that is not really 'offline' (which to my
mind *is* a bug as it is contrary to what the UI says).

Is it a huge effort to:

- make Claws call GPG with --no-auto-key-retrieve
option (by default)

- add a separate preference setting for
--auto-key-retrieve (in case the user still wants that
explicitly)

- add a warning which shows up when one turns on
"Automatically check signatures"

?


More information about the Users mailing list