Re: a proposed change to JSON output to report verification of PGP/MIME signatures.

Subject: Re: a proposed change to JSON output to report verification of PGP/MIME signatures.

Date: Tue, 16 Nov 2010 15:10:59 -0500

To: Carl Worth, Daniel Kahn Gillmor, notmuch

Cc:

From: Jameson Rollins

On Tue, 16 Nov 2010 11:47:13 -0800, Carl Worth <cworth@cworth.org> wrote:
> The only other piece I think I'd like to see is actually making the
> content of the signature pieces available in the json output. Then, a
> client could do its own verification.
> 
> Then if we had that would we not want to add the --verify support into
> notmuch? (My guess is that we still would want it.)

Hey, Carl.  I think your suggestion to include the signatures in the
output is a reasonable.  However, (I could be misunderstanding your
suggestion but) I really think the Right thing is for notmuch to do the
verification itself.  I would almost say that --verify should be the
default, with a --no-verify option.  It will make things much easier for
all the UIs if notmuch handles the verification and just outputs the
result.

jamie.
part-000.sig (application/pgp-signature)

Thread: