On Thursday, 17 March 2016 00:12:15 CET, Erik Quaeghebeur wrote:
Feedback: for messages that are signed but not encrypted, there
is no reason to have people wait on the message while the
signature is being checked. If possible: show it immediately,
but with an indication that the signature is being checked.
Indeed, but that is exactly how it works here. The raw message's content is
loaded asynchronously, then it's decoded, and in paralel fed to both the
GUI for display, and to the crypto engine for signature verification. In
addition, the crypto verification is offloaded into a background thread
through C++11's std::async. See the attached image how it looks like on my
machine.
What does the box say? Is it waiting for the data, or waiting for the
signature verification? The UI strings are different in these cases.
Does Trojita's GUI respond to various mouse/keyboard inputs during this
time?
What platform are you on (if some Linux -- which one)?
What compiler and its version do you currently use?
You can fetch these keys through `gpg --recv-keys "the contents of [...]
goes here"`. Right now, I do not think that we should get into the key
management business; while it definitely reduces the value of MUA
integration ("it won't be encryption for everybody"), it at least provides
a way to *use* encryption by users who are already familiar with the
concepts.
There's some work upstream in the GnuPG project to use the TOFU model
("trust on first use"); using that might be the ultimate way forward. Or
just specifying that people should use some real GPG UI for key management,
perhaps...
Cheers,
Jan
--
Trojitá, a fast Qt IMAP e-mail client -- http://trojita.flaska.net/
