https://bugs.kde.org/show_bug.cgi?id=373314

            Bug ID: 373314
           Summary: Verify GPG key emails when signing an email
           Product: kmail2
           Version: unspecified
          Platform: Other
                OS: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: NOR
         Component: composer
          Assignee: kdepim-b...@kde.org
          Reporter: wlt...@o-sinc.com
  Target Milestone: ---

Not sure if this is a KMail bug or other. I think it is something KMail can
address. Since the From field in the composer ng is editable, you can spoof
someone else's email address really easily. I accidentally did that, and KMail
allowed me to sign an email, despite the From address in the email not being
one of the email addresses in my GPG key.

Seems KMail should only sign an email with a GPG key that contains the From
address in the email.
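
One way to express the check the report asks for, as an added example that is not KMail's code and not part of the original report: compare the single mailbox in the From header against the non-revoked, non-expired user IDs of the signing key, read from `gpg --with-colons` output. The key listing is constructed sample data, the function names are hypothetical, and comparing addresses case-insensitively is an assumption.

```python
from email.utils import getaddresses, parseaddr

# Constructed sample of `gpg --list-secret-keys --with-colons` output
# (not a real key). Field 2 is the validity flag, field 10 the user ID.
SAMPLE_KEY_LISTING = """\
sec:u:4096:1:AAAAAAAAAAAAAAAA:1480000000:::u:::scESC:
uid:u::::1480000000::HASH1::Alice Example <alice@example.org>::::::::::0:
uid:r::::1480000000::HASH2::Alice Example <alice@old.example.org>::::::::::0:
uid:u::::1480000000::HASH3::Alice Example <Alice@Work.Example.COM>::::::::::0:
"""

# Validity flags that make a user ID unusable: revoked, expired, invalid.
UNUSABLE = {"r", "e", "i"}


def usable_uid_emails(colon_listing):
    """Return the lower-cased addresses of all usable uid records."""
    emails = set()
    for line in colon_listing.splitlines():
        fields = line.split(":")
        if len(fields) < 10 or fields[0] != "uid":
            continue
        if fields[1] in UNUSABLE:
            continue  # a revoked or expired identity must not vouch for mail
        uid = fields[9].replace("\\x3a", ":")  # gpg escapes ':' in user IDs
        addr = parseaddr(uid)[1].lower()
        if "@" in addr:
            emails.add(addr)
    return emails


def from_matches_key(from_header, colon_listing):
    """True only if From holds exactly one mailbox and the key lists it."""
    mailboxes = getaddresses([from_header])
    if len(mailboxes) != 1:
        return False  # several senders: no single key identity to match
    sender = mailboxes[0][1].lower()
    return bool(sender) and sender in usable_uid_emails(colon_listing)


if __name__ == "__main__":
    for header in ("Alice <alice@example.org>", "Bob <bob@example.net>"):
        verdict = "sign" if from_matches_key(header, SAMPLE_KEY_LISTING) else "refuse"
        print(f"{header}: {verdict}")
```

A composer could run such a check before signing and warn or refuse when it fails.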
