[tokkee]

tokkee.org

Code

projects / roundup.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
PGP support is again working (pyme API has changed significantly) and we
[roundup.git] / roundup / configuration.py
diff --git a/roundup/configuration.py b/roundup/configuration.py
index ab43ca5f3f7a62f81392e2bf636b537ba716feda..6b9d05a7a2d8a0174c6df089b7b6c45629c49c67 100644 (file)
--- a/roundup/configuration.py
+++ b/roundup/configuration.py
@@ -799,14 +799,36 @@ SETTINGS = (
     ), "Roundup Mail Gateway options"),
     ("pgp", (
         (BooleanOption, "enable", "no",
-            "Enable PGP processing. Requires pyme."),
+            "Enable PGP processing. Requires pyme. If you're planning\n"
+            "to send encrypted PGP mail to the tracker, you should also\n"
+            "enable the encrypt-option below, otherwise mail received\n"
+            "encrypted might be sent unencrypted to another user."),
         (NullableOption, "roles", "",
             "If specified, a comma-separated list of roles to perform\n"
             "PGP processing on. If not specified, it happens for all\n"
-            "users."),
+            "users. Note that received PGP messages (signed and/or\n"
+            "encrypted) will be processed with PGP even if the user\n"
+            "doesn't have one of the PGP roles, you can use this to make\n"
+            "PGP processing completely optional by defining a role here\n"
+            "and not assigning any users to that role."),
         (NullableOption, "homedir", "",
             "Location of PGP directory. Defaults to $HOME/.gnupg if\n"
             "not specified."),
+        (BooleanOption, "encrypt", "no",
+            "Enable PGP encryption. All outgoing mails are encrypted.\n"
+            "This requires that keys for all users (with one of the gpg\n"
+            "roles above or all users if empty) are available. Note that\n"
+            "it makes sense to educate users to also send mails encrypted\n"
+            "to the tracker, to enforce this, set 'require_incoming'\n"
+            "option below (but see the note)."),
+        (Option, "require_incoming", "signed",
+            "Require that pgp messages received by roundup are either\n"
+            "'signed', 'encrypted' or 'both'. If encryption is required\n"
+            "we do not return the message (in clear) to the user but just\n"
+            "send an informational message that the message was rejected.\n"
+            "Note that this still presents known-plaintext to an attacker\n"
+            "when the users sends the mail a second time with encryption\n"
+            "turned on."),
     ), "OpenPGP mail processing options"),
     ("nosy", (
         (RunDetectorOption, "messages_to_author", "no",
Roundup Issue Tracker (SVN clone)