#158 phrase "UNTRUSTED good signature" is dangerously misleading

open
nobody
None
1.5.2
Minor
All
---
2013-07-14
2013-07-14
Ximin Luo
No

Please see discussion at:

http://lists.gnupg.org/pipermail/gnupg-devel/2013-July/027793.html

The offending phrase is Enigmail-specific; it does not originate from GnuPG:

http://lists.gnupg.org/pipermail/gnupg-devel/2013-July/027799.html

Suggested phrasing improvement is "UNVALIDATED Good signature".

Discussion

  • Patrick Brunschwig

    I would vote for "unverified" good signature

     
  • Ximin Luo

    Ximin Luo - 2013-07-14

    I thought of that too, but it might be confusing since the operation on signatures are called sign/verify, and "good signature" means it was verified correctly, so "unverified good signature" seems weird, and overloads that term.

    Another suggestion was "Good signature from UNVERIFIED key". But I prefer still "unvalidated" because that is consistent with PGP's terminology - "Validity is confidence that a public key certificate belongs to its purported owner" - and avoids overloading the term "verify".

     
    Last edit: Ximin Luo 2013-07-14

Log in to post a comment.