Right now we use any key we find. We should probably require some level of trust before using it?
Perhaps we should also validate the key periodically, on the other hand, maybe that is better left to whatever maintains the keys in gpg.
Right now we use any key we find. We should probably require some level of trust before using it?
Perhaps we should also validate the key periodically, on the other hand, maybe that is better left to whatever maintains the keys in gpg.
Status | Assigned | Task | ||
---|---|---|---|---|
Open | None | T7658 Autocrypt support | ||
Open | None | T5914 GPG support | ||
Resolved | cmollekopf | T7489 Check key for trust and validity before use. |