On Tue, Jun 12 2018, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:
> On Tue 2018-06-12 10:00:18 -0400, Daniel Kahn Gillmor wrote:
>> (it'd be nice to be able to use notmuch-emacs to browse a notmuch
>> archive without locking the notmuch db or even needing read/write access
>> to the database)
>
> to be clear, it's not just about wanting to be able to avoid write
> access during "notmuch show" -- there are other use cases i'd like us to
> be able to support, including the ability to keep some messages'
> cleartext indexed, while leaving some of them un-indexed (keeping their
> contents secret from anyone who doesn't have the user's secret keys).
>
> This proposed change removes that possibility, so i think it needs more
> nuance.

This patch works for all the use cases I personally care about, so I
would like a configuration that is this simple.

The use case you're arguing for, which I believe is the ability to
choose on a per-message basis whether you want to stash or not, would
have to not use the show stash functionality at all.

What if notmuch-crypto-process-mime just accepted the same values that
show --decrypt does, with the same meanings, e.g.:

┌─────────────────────────────────────┬───────┬──────┬──────┬───────┐
│                                     │ false │ auto │ true │ stash │
├─────────────────────────────────────┼───────┼──────┼──────┼───────┤
│Show cleartext if session key is     │       │  X   │  X   │   X   │
│already known                        │       │      │      │       │
├─────────────────────────────────────┼───────┼──────┼──────┼───────┤
│Use secret keys to show cleartext    │       │      │  X   │   X   │
├─────────────────────────────────────┼───────┼──────┼──────┼───────┤
│Stash any newly recovered session    │       │      │      │   X   │
│keys, reindexing message if found    │       │      │      │       │
└─────────────────────────────────────┴───────┴──────┴──────┴───────┘

notmuch-crypto-process-mime is really only relevant for show anyway, so
I think this makes sense.

Users who want to choose to stash on a per-message basis would then need
to set notmuch-crypto-process-mime=true, and then do reindex
--decrypt=true if they want to stash.

jamie.