Daniel Kahn Gillmor <[email protected]> writes:

> -     { .opt_bool = &decrypt, .name = "decrypt", .present = &decrypt_set },
> +     { .opt_keyword = (int*)(&params.crypto.decrypt), .name = "decrypt",
> +       .keyword_no_arg_value = "true", .keywords =
> +       (notmuch_keyword_t []){ { "false", NOTMUCH_DECRYPT_FALSE },
> +                               { "auto", NOTMUCH_DECRYPT_AUTO },
> +                               { "true", NOTMUCH_DECRYPT_NOSTASH },
> +                               { 0, 0 } } },

Should we explicitely allow --decrypt=nostash for consistency? Also
maybe stability in case we change what --true means.

> +    if (params.crypto.decrypt == NOTMUCH_DECRYPT_NOSTASH)
> +     params.crypto.verify = true;

One thing that gave me pause is the fact that --decrypt=auto does not
verify by default. What are the security implications of this? Do we
verify when indexing? Does this require more documentation?

_______________________________________________
notmuch mailing list
[email protected]
https://notmuchmail.org/mailman/listinfo/notmuch

Reply via email to