Do users need to set `mml-secure-signer-names' (etc) now?
From: Karl Fogel
Subject: Do users need to set `mml-secure-signer-names' (etc) now?
Date: Tue, 28 Apr 2020 10:59:18 -0500
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux)

For a while now, sending GPG-signed emails from message mode (just signed, not
encrypted) has been failing for me with an error from `mml-secure-epg-sign':
"Couldn't find any signer names."
This is a regression -- in the past, message mode would correctly figure out
the signer identity from the message's sender.
(Note that an older version of that error message suggested setting
`mml-secure-smime-sign-with-sender'. Because I encountered the error when
`mml-secure-smime-sign-with-sender' was set to non-nil, I improved the error
message in commit 06cb8350c69 on 4 Nov 2019: now it only makes that suggestion
if the variable is nil. However, even with that variable set, the problem
still occurs for me, and I said I would debug further -- see [1] for more
context.)
I've now debugged enough to reach a question:
Is it intended that users should set at least one of `mml-secure-signer-names'
or `mml-secure-openpgp-sign-with-sender' in order for message-signing to work?
I would hope not, because using the message sender as the signing party seems
like a reasonable default behavior. Anyway, I can't proceed further without
knowing the intended behavior -- I don't yet know if I'm looking at a bug or if
it's simply that user-configuration requirements changed and I didn't get the
memo.
Here is what led me to this question:
In lisp/gnus/mml-sec.el, `mml-secure-signer-names' returns nil if
`mml-secure-openpgp-signers' is not set *and*
`mml-secure-openpgp-sign-with-sender' is not set. (This is all in the
`OpenPGP' protocol case; I'm not concerned with the non-OpenPGP case right
now.) Naturally, `mml-secure-epg-sign' fails with the above error when
`mml-secure-signer-names' returns nil.
So if I set `mml-secure-openpgp-sign-with-sender', then I can send signed
messages again (that variable was nil by default for me). I have never set
`mml-secure-openpgp-signers' in my .emacs, and neither it nor
`mml-secure-smime-sign-with-sender' is mentioned in any NEWS file. However,
`mml-secure-openpgp-sign-with-sender' is mentioned in NEWS.27:
> *** 'mml-secure-openpgp-sign-with-sender' sets also "gpg --sender".
> When 'mml-secure-openpgp-sign-with-sender' is non-nil, message sender's
> email address (in addition to its old behavior) will also be used to
> set gpg's "--sender email@domain" option.
>
> The option is useful for two reasons when verifying the signature:
>
> 1. GnuPG's TOFU statistics are updated for the specific user id
> (email) only. See gpg(1) man page about "--sender".
>
> 2. GnuPG's "--auto-key-retrieve" functionality can use WKD (web key
> directory) method for finding the signer's key. You need GnuPG
> 2.2.17 to fully benefit from this feature. See gpg(1) man page for
> "--auto-key-retrieve".
I don't fully understand that NEWS entry, but the "(in addition to its old
behavior)" implies to me that defaulting-to-sender-as-signer was perhaps never
intended to break? I can't tell for sure, because I'm not sure what the old
behavior was. The only other mention of that variable in a NEWS entry is this,
chronologically earlier (lower down) in NEWS.27:
> ---
> *** 'epg-context' structure supports now 'sender' slot.
> The value of the new 'sender' slot (if a string) is used to set gpg's
> "--sender" option. This feature is used by
> 'mml-secure-openpgp-sign-with-sender'. See gpg(1) manual page about
> "--sender" for more information.
So do we intend that users should set at least one of `mml-secure-signer-names'
or `mml-secure-openpgp-sign-with-sender' in order to get use-sender-as-signer
behavior? Or should Emacs just derive the signer from the sender automagically
(as I believe it used to)?
This is all with recent `master'. I haven't tested with the Emacs 27 branch
yet.
Best regards,
-Karl
[1] See these two posts:

  From: Karl Fogel
  To: Emacs Devel
  Subject: [PATCH] Improve signer name error in `mml-secure-epg-sign'.
  Date: Mon, 04 Nov 2019 14:38:00 -0600
  Message-ID: <address@hidden>

  From: Karl Fogel
  To: Emacs Devel
  Subject: Re: [PATCH] Improve signer name error in `mml-secure-epg-sign'.
  Date: Sat, 09 Nov 2019 15:38:55 -0500
  Message-ID: <address@hidden>
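
An added example, not part of the original message and not code from Emacs: an init-file sketch that applies the setting the message reports as restoring signing, plus a helper that shows, before sending, which OpenPGP signer names a draft would get. The helper name `my/mml-openpgp-signer-report' is hypothetical; the sketch assumes `mml-secure-signer-names' takes the protocol and the sender address in that order, and that the sender is the address in the From: header.

```elisp
;; Added example; not from the original message or from the Emacs sources.
(require 'mml-sec)
(require 'message)
(require 'mail-extr)

;; The setting the message reports as making signing work again:
;; use the message sender as a signer name.
(setq mml-secure-openpgp-sign-with-sender t)

(defun my/mml-openpgp-signer-report ()   ; hypothetical helper name
  "Report the OpenPGP signer names for the draft in the current buffer.
Run this in a message-mode buffer before sending a signed mail."
  (interactive)
  (let* ((from (save-excursion
                 (save-restriction
                   ;; `message-fetch-field' expects the buffer to be
                   ;; narrowed to the headers.
                   (message-narrow-to-headers-or-head)
                   (message-fetch-field "from"))))
         ;; Assumption: the sender is the bare address from From:.
         (sender (and from
                      (cadr (mail-extract-address-components from))))
         ;; Assumption: argument order is (PROTOCOL SENDER).
         (names (mml-secure-signer-names 'OpenPGP sender)))
    (message "signers=%S sign-with-sender=%S sender=%S -> %s"
             mml-secure-openpgp-signers
             mml-secure-openpgp-sign-with-sender
             sender
             (if names
                 (format "signer names: %S" names)
               "no signer names; signing would fail"))))
```

With both `mml-secure-openpgp-signers' and `mml-secure-openpgp-sign-with-sender' left at nil, the report shows the empty result that the message identifies as the cause of "Couldn't find any signer names."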