thread-based email index, search, and tagging https://git.notmuchmail.org/git/notmuch/atom?h=0.26_rc1 2018-01-02T01:17:05Z 2018-01-02T01:17:05Z David Bremner david@tethera.net 2018-01-02T01:17:05Z urn:sha1:b75797150bbace2ade518a669dbd6b0f0f76bebe 2017-12-29T20:45:55Z Daniel Kahn Gillmor dkg@fifthhorseman.net 2017-12-19T16:40:55Z urn:sha1:af8255fb7159652a7d4e1fe4f1398302e1746cce This brings the --decrypt argument to "notmuch reply" into line with the other --decrypt arguments (in "show", "new", "insert", and "reindex"). This patch is really just about bringing consistency to the user interface. We also use the recommended form in the emacs MUA when replying, and update test T350 to match. 2017-12-29T20:45:46Z Daniel Kahn Gillmor dkg@fifthhorseman.net 2017-12-19T16:40:54Z urn:sha1:8ea4a99d74737929f58568505e41c94f65a14743 We also expand tab completion for it, update the emacs bindings, and update T350, T357, and T450 to match. Make use of the bool-to-keyword backward-compatibility feature. 2017-12-15T11:54:33Z Jani Nikula jani@nikula.org 2017-10-14T13:16:27Z urn:sha1:f2a6790583825ffe3c564582f9a93a6c50d8430a Add support for using /<regex>/ style regular expressions in new.ignore, mixed with the old style verbatim file and directory basenames. The regex is matched against the relative path from the database path. 2017-12-15T01:41:39Z Jani Nikula jani@nikula.org 2017-11-02T20:01:17Z urn:sha1:89f651a40374d07750528f45d555ce821c049c80 Having first a list of prefixes followed by detailed descriptions was viable when we didn't have all that many prefixes. Now, arranging the prefix descriptions in a definition list makes more sense. While at it, include all the supported prefix forms, especially some missing regex ones. 2017-12-15T01:28:50Z Jani Nikula jani@nikula.org 2017-11-02T18:44:59Z urn:sha1:f3fc97c0008c1d48ccac88c52b5bae61460bfa3f The notmuch address output is much more useful for scripts with just the addresses printed. Support this using the --output=address option. 2017-12-08T12:08:47Z Daniel Kahn Gillmor dkg@fifthhorseman.net 2017-12-08T06:24:03Z urn:sha1:be555b9d27f5675ef04edc5a34a4dc2b6dfc71ff Now that the range of sensible decryption policies has come into full view, we take a bit of space to document the distinctions. Most people will use either "auto" or "true" -- but we provide "false" and "nostash" to handle use cases that might reasonably be requested. Note also that these can be combined in sensible ways. Like, if your mail comes in regularly to a service that doesn't have access to your secret keys, but does have access to your index, and you feel comfortable adding selected encrypted messages to the index after you've read them, you could stay in "auto" normally, and then when you find yourself reading an indexable message (e.g. one you want to be able to search for in the future, and that you don't mind exposing to whatever entities have access to your inde), you can do: notmuch reindex --decrypt=true id:whatever@example.biz That leaves your default the same (still "auto") but you get the cleartext index and stashed session key benefits for that particular message. 2017-12-08T12:08:47Z Daniel Kahn Gillmor dkg@fifthhorseman.net 2017-12-08T06:24:02Z urn:sha1:fccebbaeef1e4b6489425afb13f419543d53d285 Here's the configuration choice for people who want a cleartext index, but don't want stashed session keys. Interestingly, this "nostash" decryption policy is actually the same policy that should be used by "notmuch show" and "notmuch reply", since they never modify the index or database when they are invoked with --decrypt. We take advantage of this parallel to tune the behavior of those programs so that we're not requesting session keys from GnuPG during "show" and "reply" that we would then otherwise just throw away. 2017-12-08T12:08:47Z Daniel Kahn Gillmor dkg@fifthhorseman.net 2017-12-08T06:24:01Z urn:sha1:29648a137c5807135ab168917b4a51d5e19e51c2 If you're going to store the cleartext index of an encrypted message, in most situations you might just as well store the session key. Doing this storage has efficiency and recoverability advantages. Combined with a schedule of regular OpenPGP subkey rotation and destruction, this can also offer security benefits, like "deletable e-mail", which is the store-and-forward analog to "forward secrecy". But wait, i hear you saying, i have a special need to store cleartext indexes but it's really bad for me to store session keys! Maybe (let's imagine) i get lots of e-mails with incriminating photos attached, and i want to be able to search for them by the text in the e-mail, but i don't want someone with access to the index to be actually able to see the photos themselves. Fret not, the next patch in this series will support your wacky uncommon use case. 2017-12-08T12:08:47Z Daniel Kahn Gillmor dkg@fifthhorseman.net 2017-12-08T06:24:00Z urn:sha1:6a9626a2fdddf6115bcf97982fd10053bf48e942 There are some situations where the user wants to get rid of the cleartext index of a message. For example, if they're indexing encrypted messages normally, but suddenly they run across a message that they really don't want any trace of in their index. In that case, the natural thing to do is: notmuch reindex --decrypt=false id:whatever@example.biz But of course, clearing the cleartext index without clearing the stashed session key is just silly. So we do the expected thing and also destroy any stashed session keys while we're destroying the index of the cleartext. Note that stashed session keys are stored in the xapian database, but xapian does not currently allow safe deletion (see https://trac.xapian.org/ticket/742). As a workaround, after removing session keys and cleartext material from the database, the user probably should do something like "notmuch compact" to try to purge whatever recoverable data is left in the xapian freelist. This problem really needs to be addressed within xapian, though, if we want it fixed right.