https://bugs.kde.org/show_bug.cgi?id=378781
Andre Heinecke <aheine...@intevation.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |UPSTREAM Status|UNCONFIRMED |RESOLVED --- Comment #1 from Andre Heinecke <aheine...@intevation.de> --- Hi, Sorry for tossing the ball away but that sadly is not Kleopatra's fault. That dialog comes directly from the GnuPG System. On the command line you get the same dialog: export GNUPGHOME=$(mktemp -d) curl http://cdp.pca.dfn.de/global-root-ca/pub/cacert/cacert_sha1.pem | gpgsm --import gpgsm --with-validation -k I'm actually against asking the user if a certificate is trusted or not. This should be an administrative decision or maybe available in the certificate details but imo 90% of users will just click the dialogs away. Weirdly enough if you click yes in the first dialog you are asked in a second dialog to confirm the fingerprint. I believe the idea there is that you first are asked: Do you really want to trust "this CA". And in the second "Have you confirmed that "This Fingerprint" is correct. The upstream tracker is https://dev.gnupg.org/ -- You are receiving this mail because: You are on the CC list for the bug.