Re: [PATCH] emacs: use new show --decrypt=stash feature in emacs UI

Subject: Re: [PATCH] emacs: use new show --decrypt=stash feature in emacs UI

Date: Tue, 12 Jun 2018 23:07:33 -0700

To: Daniel Kahn Gillmor,


From: Jameson Graef Rollins

On Tue, Jun 12 2018, Daniel Kahn Gillmor <> wrote:
> On Tue 2018-06-12 10:00:18 -0400, Daniel Kahn Gillmor wrote:
>> (it'd be nice to be able to use notmuch-emacs to browse a notmuch
>> archive without locking the notmuch db or even needing read/write access
>> to the database)
> to be clear, it's not just about wanting to be able to avoid write
> access during "notmuch show" -- there are other use cases i'd like us to
> be able to support, including the ability to keep some messages'
> cleartext indexed, while leaving some of them un-indexed (keeping their
> contents secret from anyone who doesn't have the user's secret keys).
> This proposed change removes that possibility, so i think it needs more
> nuance.

This patch works for all the use cases I personally care about, so I
would like a configuration that is this simple.

The use case you're arguing for, which I believe is the ability to
choose on a per-message basis whether you want to stash or not, would
have to not use the show stash functionality at all.

What if notmuch-crypto-process-mime just accepted the same values that
show --decrypt does, with the same meanings, e.g.:

│                                     │ false │ auto │ true │ stash │
│Show  cleartext  if  session  key is │       │ X    │ X    │ X     │
│already known                        │       │      │      │       │
│Use secret keys to show cleartext    │       │      │ X    │ X     │
│Stash any  newly  recovered  session │       │      │      │ X     │
│keys, reindexing message if found    │       │      │      │       │

notmuch-crypto-process-mime is really only relevant for show anyway, so
I think this makes sense.

Users who want to chose to stash on a per-message basis would then need
to set notmuch-crypto-process-mime=true, and then do reindex
--decrypt=true if they want to stash.

signature.asc (application/pgp-signature)
notmuch mailing list