diff options
| author | Werner Koch <[email protected]> | 2018-08-27 09:42:27 +0000 |
|---|---|---|
| committer | Werner Koch <[email protected]> | 2018-08-27 09:43:02 +0000 |
| commit | 53c5b9a265d33f2cc54f489375a929602338aee8 (patch) | |
| tree | e218cf299f6593d890d55fd61d13914e6615b151 /lang/python/examples/howto | |
| parent | doc: Add warning that FILE_NAME is not part of the signed data. (diff) | |
| download | gpgme-53c5b9a265d33f2cc54f489375a929602338aee8.tar.gz gpgme-53c5b9a265d33f2cc54f489375a929602338aee8.zip | |
json: Do not put FILE_NAME into the verify result.
* src/gpgme-json.c (verify_result_to_json): Remove "file_name".
--
Having the file name in the verify result may lead developers to
assume that the file name is covered by the signature. This is not
the case and can easily be checked by hex-editing a signed message.
We better don't output it at all.
The same is true for the is_mime flag but that is anyway only an
advisory and I can't see damage from a faulty one.
Note that we keep file_name in gpgme's output for ABI stability and
because some tools want to display meta information even if they are
subject to tampering. This is similar to the non-encrypted subject in
mails.
Signed-off-by: Werner Koch <[email protected]>
Diffstat (limited to 'lang/python/examples/howto')
0 files changed, 0 insertions, 0 deletions