On Tue, Feb 26 2013, Jani Nikula <jani@nikula.org> wrote:
> For decryption, we expect there to be a functioning gpg-agent, and we
> want gpg to talk to it for any needed credentials. There's a gmime
> function to declare that: g_mime_gpg_context_set_use_agent() [1], [2].
> Start using it.
>
> I had gpg-agent running, but gpg "use-agent" configuration option
> disabled. This resulted in an error message from 'notmuch show':
>
>   Failed to decrypt part: Canceled.
>
> and json had this:
>
>   "encstatus" : [ { "status" : "bad" } ]
>
> One could argue the "use-agent" option should be enabled, but I'd like
> to use the agent only as a last resort. I think that's irrelevant
> though. There's a gmime function to declare what we expect, so we
> should use it. Conveniently it also fixes the problem in a user
> friendly way.

I will argue that the "use-agent" option should be enabled.  If we force
use of gpg-agent, then we don't allow people to opt out of using it.
That's not very user friendly, particularly if someone has not enabled
it for a specific reason.

But I think more to the point we need a little bit of due diligence of
the effects of this before we enable it.  What happens if gpg-agent is
not available?  What happens if there is no X session?  Tests that probe
the various circumstances would be useful.

I do note, though, that the error messages are not very useful.  It
would be nice if could figure out that the decryption failed because of
lack of agent and inform the user of that.

We should probably also update the show man page to make explicit that
an agent may be required.

jamie.