[Bug 44699] can't encrypt with gpg if the receiver's key is not signed

[josh at agliodbs.com]

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
You are a voter for the bug, or are watching someone who is.
         
http://bugs.kde.org/show_bug.cgi?id=44699         




------- Additional Comments From josh agliodbs com  2007-02-01 21:24 -------
Thiago,

Again, that's irrelevant.  What you're doing is trying to enforce *your* notion of "proper behavior" on users despite numerous feature requests and votes.  I repeat: who do you think you are, Steve Jobs?   The day that KDE becomes a straightjacket the day the whole darned project dies.  And you seem to be intent on bringing that day closer.

The reason to use untrusted keys is this *very* simple exchange which those of us who have real business do to on the internet other than hacking do all the time:

Me: I can send you the figures, but they need to be protected from interception.
Him: my gpg key is GH565FM
Me: Ok, sent

It should be that easy.  But it's not, simply because *you* are standing in the way of a fix that another KDE developer is ready to make.  The result is *less* people using GPG, and *less* people using Kmail, because Thunderbird does not have this stupid restriction.

Here's the issues with "local signing":

a) I shouldn't be signing keys, even locally, that I haven't verified.
b) The kgpg interface is cumbersome, unintuitive and buggy so it takes hands-on-help from a geek to do local signing with the GUI.
c) Given the interface, I can easily accidentally sign it globally, compromising the web of trust
d) once I've signed the key locally, I'll forget that it's local only and never get around to signing it globally once I've verified it, resulting in failing to build up the web of trust.

Overall this "feature" both makes Kmail harder to use and harms the GPG Web of Trust.  Please stop standing in the way of users and progress.