Philip Hands <phil@hands.com> writes: > Tomas Nordin <tomasn@posteo.net> writes: > >> Teemu Likonen <tlikonen@iki.fi> writes: > ... >>> I do this: I press "Yes" (to trust "ultimately") but then immediately go >>> edit ~/.gnupg/trustlist.txt file and put "!" mark in the beginning of >>> that certificate authority's key fingerprint. It marks that key >>> untrusted (because I really don't know). Then: "gpgconf --reload >>> gpg-agent". >> >> OK, thanks. That already feels better, knowing I can revert this trust >> easily like that. And some better understanding for whats going on. > > That seems like a UI bug to me -- I'd have thought that there should be > a "No" button so that you can stop it repeatedly asking (presumably by > automatically doing the same as the above manual procedure). > > Would anyone happen to know where that should be reported? > > I have a feeling that I'd want to default that to answering "No", and > never see the prompt. I think this is all about S/MIME and gpgsm. The issue with the delays is already reported to https://dev.gnupg.org/T3348 It can be worked around with "disable-crl-checks" in the gpgsm config. But if you actually care about S/MIME messages that has some drawbacks. The more general question of asking people to trust the CA of some random person on the internet seems crazy to me as well. I'm not sure, maybe dkg has ideas about how to fix the UI issue from the notmuch side. d _______________________________________________ notmuch mailing list notmuch@notmuchmail.org https://notmuchmail.org/mailman/listinfo/notmuch