a proposed change to JSON output to report verification of PGP/MIME signatures.

Jameson Rollins jrollins at finestructure.net
Tue Nov 16 12:10:59 PST 2010


On Tue, 16 Nov 2010 11:47:13 -0800, Carl Worth <cworth at cworth.org> wrote:
> The only other piece I think I'd like to see is actually making the
> content of the signature pieces available in the json output. Then, a
> client could do its own verification.
> 
> Then if we had that would we not want to add the --verify support into
> notmuch? (My guess is that we still would want it.)

Hey, Carl.  I think your suggestion to include the signatures in the
output is a reasonable.  However, (I could be misunderstanding your
suggestion but) I really think the Right thing is for notmuch to do the
verification itself.  I would almost say that --verify should be the
default, with a --no-verify option.  It will make things much easier for
all the UIs if notmuch handles the verification and just outputs the
result.

jamie.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: <http://notmuchmail.org/pipermail/notmuch/attachments/20101116/9ca183d9/attachment.pgp>


More information about the notmuch mailing list