Because the alternative is: 1. Fall back to the old UI 2. Constantly rebase my fork 3. Push it to F-Droid
And it's much worse a solution - because with time people can start using my version, and it can get incompatibilities with yours, security holes because of those incompatiblities, a real nightmare, when it comes to security! On Saturday, November 26, 2016 at 6:06:25 PM UTC+1, [email protected] wrote: > > Hi, > > I didn't have much time to reply, so doing that right now. > > I'm not encouraging anyone to create ciphers, which can have serious flaws > in design. I only claim that if there exist other means of checking > authenticity, then signing is not needed. The simplest method of them all > is just quoting the previous message. Why? > > All the cryptographic signature tells is "Hey, I have the private key for > this one". But if the message is quoted, then it's a proof good enough, > that the recipient has access to the private key. The information > transmitted is just the same. > > ---- > > > By not signing a message the only thing you are doing > > is weakening the security of the person you are emailing. You are saying > > 'My security is fine because the message is encrypted. But their > > security - believing that the email is from the same key owner as the > > last one - is not important to me' > > Yes, but sending encrypted unsigned messages is still much, much better > than sending them unencrypted at all! Having partial security is still > better than no security. > Yes, the security is weaker, but still better than none. > ---- > > I can code the feature, but what's the point if you're going to reject it > anyway (see the Valodim's post on GitHub). > It's just about giving the users the freedom to choose. They are the ones > to bear the consequences anyway. > > Can we find some compromise about how the pull request should look like to > be accepted? > Besides, me constantly rebasing the fork against your HEAD is aa > -- You received this message because you are subscribed to the Google Groups "K-9 Mail" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
