Daniel Kahn Gillmor <dkg@fifthhorseman.net> writes:
> - { .opt_bool = &decrypt, .name = "decrypt", .present = &decrypt_set },
> + { .opt_keyword = (int*)(¶ms.crypto.decrypt), .name = "decrypt",
> + .keyword_no_arg_value = "true", .keywords =
> + (notmuch_keyword_t []){ { "false", NOTMUCH_DECRYPT_FALSE },
> + { "auto", NOTMUCH_DECRYPT_AUTO },
> + { "true", NOTMUCH_DECRYPT_NOSTASH },
> + { 0, 0 } } },
Should we explicitely allow --decrypt=nostash for consistency? Also
maybe stability in case we change what --true means.
> + if (params.crypto.decrypt == NOTMUCH_DECRYPT_NOSTASH)
> + params.crypto.verify = true;
One thing that gave me pause is the fact that --decrypt=auto does not
verify by default. What are the security implications of this? Do we
verify when indexing? Does this require more documentation?
_______________________________________________
notmuch mailing list
notmuch@notmuchmail.org
https://notmuchmail.org/mailman/listinfo/notmuch