Package: notmuch-emacs
Version: 0.18.1-1
Severity: important

Thanks for notmuch-emacs, it's great!

I did notice that it doesn't appear to check whether gpg/pgp signatures are
valid by default.

When I created a signed message to myself, made a copy of it, and then manually
edited the text within without changing the signature...

But notmuch-emacs doesn't distinguish between the valid signature:

  Subject: valid gpg sig
  To: vagrant@localhost
  Date: Mon, 21 Jul 2014 15:03:45 -0700
  
  [ multipart/signed ]
  [ text/plain ]
  this should be a VALID gpg signature.
  [ signature.asc: application/pgp-signature ]

And the edited text, with an invalid signature:

  Subject: invalid gpg sig
  To: vagrant@localhost
  Date: Mon, 21 Jul 2014 15:03:45 -0700
  
  [ multipart/signed ]
  [ text/plain ]
  this should be an INVALID gpg signature.
  [ signature.asc: application/pgp-signature ]


Maybe further action is required to verify the signature? If so, it would
ideally make that clear in the interface somehow.

I've only just started using emacs (largely because of the notmuch interface) so
maybe there are some emacs conventions that are lost on me.


live well,
  vagrant

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (500, 'testing'), (120, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, armhf

Kernel: Linux 3.14-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages notmuch-emacs depends on:
ii  emacs23         23.4+1-4.1+b1
ii  emacs24         24.3+1-4+b1
ii  emacsen-common  2.0.8
ii  notmuch         0.18.1-1

notmuch-emacs recommends no packages.

notmuch-emacs suggests no packages.

-- no debconf information

Attachment: signature.asc
Description: Digital signature
