GPGME: Signature summary

Matthias Fuchs mat69 at gmx.net
Fri Oct 16 11:22:36 CEST 2009


On Friday 16 October 2009 12:31:01 Werner Koch wrote:
> If you set the VALID flag here you would need to reset it later if any
> other special conditions are figured out.  For example later you see:
> 
>   /* Check other flags. */
>   if (sig->wrong_key_usage)
>     sum |= GPGME_SIGSUM_BAD_POLICY;
> 
> This sets another bit and thus the VALID flag is no longer correct.

This would imo apply to the current code as well.

> GREEN says: Fine, but check the other flags.  GREEN/RED is a simple
> thumb up/down indicator to give a basic indication on the status of a
> signature.  In contrast, VALID says: The system has no doubts whatsoever
> on the validity of the signature.
> 
> Note that there is also an implicit YELLOW status which should be
> assumed if neither GREEN nor RED is set.  It means that there is not
> enough information to say something about the signature status.  KMail
> uses these colors to render a frame around the message.

The problem I have still remains though and is unaddressed, namely summary 
returning 0, a value that is not defined for gpgme_sigsum_t and imo that is 
not a good practice as it leaves the user in the cold of what is the case. So 
my code might not be the solution but something has to change there.

And as I have pointed out this happens when GPGME_VALIDITY_UNKNOWN is set. 
Even if the signature is correct. So what is one supposed to do when summary 
returns 0?

Cheers
Matthias
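
Added example, not part of the original message or of GPGME: a caller-side classifier that follows the semantics quoted above (RED is thumb down, neither GREEN nor RED is the implicit YELLOW, which covers a summary of 0, and VALID is not relied on once any other flag is set). The verdict_t type and classify_summary() are hypothetical names, and the local enum values are assumed to match gpgme.h.

```c
#include <stdio.h>

/* Stand-ins for the gpgme_sigsum_t bits so this builds without GPGME.
   Values are assumed to match gpgme.h; real code includes <gpgme.h>. */
enum {
  GPGME_SIGSUM_VALID       = 0x0001,
  GPGME_SIGSUM_GREEN       = 0x0002,
  GPGME_SIGSUM_RED         = 0x0004,
  GPGME_SIGSUM_KEY_MISSING = 0x0080,
  GPGME_SIGSUM_BAD_POLICY  = 0x0400
};

/* Hypothetical application-level verdicts, not GPGME types. */
typedef enum { V_RED, V_YELLOW, V_GREEN_CHECK_FLAGS, V_GREEN, V_VALID } verdict_t;

/* Map a summary bit mask to a verdict, failing closed on anything unclear. */
verdict_t classify_summary(unsigned int sum)
{
  const unsigned int status = GPGME_SIGSUM_VALID | GPGME_SIGSUM_GREEN
                              | GPGME_SIGSUM_RED;

  if (sum & GPGME_SIGSUM_RED)
    return V_RED;                 /* thumb down wins over everything else */
  if (!(sum & GPGME_SIGSUM_GREEN))
    return V_YELLOW;              /* implicit YELLOW, includes sum == 0 */
  if (sum & ~status)
    return V_GREEN_CHECK_FLAGS;   /* e.g. BAD_POLICY set: do not rely on VALID */
  return (sum & GPGME_SIGSUM_VALID) ? V_VALID : V_GREEN;
}

static const char *verdict_name(verdict_t v)
{
  static const char *names[] = { "RED", "YELLOW", "GREEN, check other flags",
                                 "GREEN", "VALID" };
  return names[v];
}

int main(void)
{
  /* Constructed sample summaries, not taken from a real verification. */
  unsigned int samples[] = {
    0, GPGME_SIGSUM_KEY_MISSING, GPGME_SIGSUM_GREEN,
    GPGME_SIGSUM_VALID | GPGME_SIGSUM_GREEN,
    GPGME_SIGSUM_VALID | GPGME_SIGSUM_GREEN | GPGME_SIGSUM_BAD_POLICY,
    GPGME_SIGSUM_RED
  };
  for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
    printf("0x%04x -> %s\n", samples[i], verdict_name(classify_summary(samples[i])));
  return 0;
}
```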


