I built k-9 from git just now (so one merge past 5.111 on master). I exported settings from stable, removed, and installed the new build via Android Studio. I then imported settings.
1. Basically it works! While the rest of this message is bug reports, they are minor. 2. On start, there is import settings vs next. That's fine, but there is no way to get back once you miss the import other than killing the app and restarting. It seems one should be able to cancel out of adding an account and have k-9 operational with no accounts. And import should then be available. But this is not that important - it was easy to get by. 3. Now that there is openpgp/smime, I'm seeing signatures being checked. When clicking on a signature icon, it started to download keys >From servers. Probably that's ok, but I wonder if from a privacy POV that should default to off. 4. On one particular message, it's signed with a 1024-bit key and not encrypted. I see a red checkmark (meaning signed but not encrypted, I think, and perhaps an untrusted key), and the lower dot is lit (I think meaning weak key). That's all fine. But instead of seeing the message, I see "Security warning", "This message was signed by an <bold>insecure key!</>" and "<button>Show message anyways</>". This seems wrong because a messages signed by a weak key isn't worse than a message which is not signed, and those don't get that behavior. However, when I click "Show Message anyway", it shows the message, but it doesn't remember this and I get the same behavior next time. I recommend fixing by removing this functionality, or making it an option defaulting to off. Basically OpenPGP has a lot of issues, and I don't think adding friction helps, unless it's going to be semantically consistent which requires a warning on unsigned messages or messages signed with a key that is not trusted also. -- You received this message because you are subscribed to the Google Groups "K-9 Mail" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
signature.asc
Description: PGP signature
