Hello,

On Fri 08 Nov 2019 at 02:10AM -05, Daniel Kahn Gillmor wrote:
> In some cases, the user may want to try to use their own GnuPG secret > keys to decrypt encrypted parts of the message. > > By default it is disabled so that we aren't accidentally triggering > the use of user secret key material. > > Signed-off-by: Daniel Kahn Gillmor <d...@fifthhorseman.net> > --- > debian/control | 2 ++ > email-print-mime-structure | 18 +++++++++++++++++- > email-print-mime-structure.1.pod | 21 +++++++++++++++++---- > 3 files changed, 36 insertions(+), 5 deletions(-) > > diff --git a/debian/control b/debian/control > index fc2bccc..4c3b956 100644 > --- a/debian/control > +++ b/debian/control > @@ -38,6 +38,8 @@ Depends: > Recommends: > devscripts, > git, > + gpg, > + gpg-agent, I think that Recommends: is a bit strong here. It would be perfectly reasonable to use the whole mailscripts package without using this feature of email-print-mime-structure. So please use Suggests:. Also, reading the description of bin:gpg, it seems that you need to have bin:gnupg for all secret key operations. > diff --git a/email-print-mime-structure.1.pod > b/email-print-mime-structure.1.pod > index b846d87..cfdeb20 100644 > --- a/email-print-mime-structure.1.pod 
> +++ b/email-print-mime-structure.1.pod > + > +If I<true>, and B<email-print-mime-structure> encounters a > +PGP/MIME-encrypted part, it will try to decrypt the part using the > +secret keys found in the local installation of GnuPG. (default: > +I<false>) It looks like it will always try --pgpkey= keys first, before talking to the gpg-agent. This sentence suggests that gpg-agent keys will be tried first. > -B<email-print-mime-structure> only decrypts encrypted e-mails using > -raw, non-password-protected OpenPGP secret keys (see B<--pgpkey>, > -above). If it is unable to decrypt an encrypted part with the > -supplied keys, it will warn on stderr. > +When using B<--pgpkey>, B<email-print-mime-structure> only decrypts > +encrypted e-mails using raw, non-password-protected OpenPGP secret > +keys. This isn't really a limitation anymore, so could either be deleted, or incorporated elsewhere in the manpage. > + > +If B<email-print-mime-structure> has been asked to decrypt parts with > +either B<--pgpkey> or with B<--use-gpg-agent=true>, and it is unable > +to decrypt an encrypted part, it will emit a warning to stderr. Likewise, not really a limitation anymore. -- Sean Whitton
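Review bot: in the debian/control hunk, `gpg` and `gpg-agent` are only pulled in through Recommends:, so they can be absent on an installed system, and none of the manpage text quoted here says what `--use-gpg-agent=true` does in that case. Suggest documenting the runtime requirement next to the option and checking that a missing gpg binary ends in the same stderr warning as any other failed decryption rather than an unhandled error.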
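Review bot: in the manpage hunk that documents the new option, the phrase "the secret keys found in the local installation of GnuPG" does not tell the reader that decryption is handed to gpg-agent, which may prompt for a passphrase through pinentry while a message is being processed. Because the commit message gives "accidentally triggering the use of user secret key material" as the reason for the false default, the option text should state that consequence directly, and should say in which order `--pgpkey` keys and agent keys are tried when both are given.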
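Review bot: in the final manpage hunk, the added paragraph ending "it will emit a warning to stderr" leaves out the exit status and what is printed for the part that could not be decrypted. Suggest stating both, so that a caller running the tool from a script can tell a structure printed with an undecrypted part from a fully decrypted one without parsing stderr.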