Re: [Tails-dev] [review'n'merge:1.1] feature/6608-OpenPGP-si…

Supprimer ce message

Répondre à ce message
Auteur: anonym
Date:  
À: The Tails public development discussion list
Sujet: Re: [Tails-dev] [review'n'merge:1.1] feature/6608-OpenPGP-signature-verification-in-Nautilus
13/04/14 12:54, intrigeri wrote:
> Hi,
>
> feature/6608-OpenPGP-signature-verification-in-Nautilus completes the
> steps to have seahorse-nautilus fully replace seahorse-plugins
> in Wheezy. It therefore will solve #6608, #5516 and #7039.
>
> Please review'n'merge in devel for Tails 1.1.


I tested it, and with the new shared-mime-info nautilus can verify .sig
files generated with `--detach-sign` without issue. Public key and
symmetrically encrypted files (both .gpg) also decrypt successfully.

However, it gets confused with gpg's default file extensions for other
types of signatures:

* `--clearsign` creates a .asc file which nautilus associates with
"Import Key" which fails with "Import Failed: Keys were found but not
imported".

* `--sign` creates a .gpg file which nautilus associates with "Decrypt
File" which fails with "Coudln't decrypt file: <file>: No data".

Renaming them to .sig throws the error "Couldn't verify file: <file>: No
valid signatures found".

Lastly, it cannot import keys exported without `--armor`; a dialog
titled "Importing" is shown, with a progress bar that never advances. At
least it can be closed with the "Cancel" button.

Given how shoddy all this is, I'm not sure I want to merge this branch.
What do you think?

Cheers!