[PATCH v4 2/3] cli/show: make --decrypt take a keyword.

David Bremner david at tethera.net
Sat Dec 23 06:39:47 PST 2017


Daniel Kahn Gillmor <dkg at fifthhorseman.net> writes:

> -	{ .opt_bool = &decrypt, .name = "decrypt", .present = &decrypt_set },
> +	{ .opt_keyword = (int*)(&params.crypto.decrypt), .name = "decrypt",
> +	  .keyword_no_arg_value = "true", .keywords =
> +	  (notmuch_keyword_t []){ { "false", NOTMUCH_DECRYPT_FALSE },
> +				  { "auto", NOTMUCH_DECRYPT_AUTO },
> +				  { "true", NOTMUCH_DECRYPT_NOSTASH },
> +				  { 0, 0 } } },

Should we explicitely allow --decrypt=nostash for consistency? Also
maybe stability in case we change what --true means.

> +    if (params.crypto.decrypt == NOTMUCH_DECRYPT_NOSTASH)
> +	params.crypto.verify = true;

One thing that gave me pause is the fact that --decrypt=auto does not
verify by default. What are the security implications of this? Do we
verify when indexing? Does this require more documentation?



More information about the notmuch mailing list