index ab43ca5f3f7a62f81392e2bf636b537ba716feda..6b9d05a7a2d8a0174c6df089b7b6c45629c49c67 100644 (file)
--- a/roundup/configuration.py
+++ b/roundup/configuration.py
), "Roundup Mail Gateway options"),
("pgp", (
(BooleanOption, "enable", "no",
- "Enable PGP processing. Requires pyme."),
+ "Enable PGP processing. Requires pyme. If you're planning\n"
+ "to send encrypted PGP mail to the tracker, you should also\n"
+ "enable the encrypt-option below, otherwise mail received\n"
+ "encrypted might be sent unencrypted to another user."),
(NullableOption, "roles", "",
"If specified, a comma-separated list of roles to perform\n"
"PGP processing on. If not specified, it happens for all\n"
- "users."),
+ "users. Note that received PGP messages (signed and/or\n"
+ "encrypted) will be processed with PGP even if the user\n"
+ "doesn't have one of the PGP roles, you can use this to make\n"
+ "PGP processing completely optional by defining a role here\n"
+ "and not assigning any users to that role."),
(NullableOption, "homedir", "",
"Location of PGP directory. Defaults to $HOME/.gnupg if\n"
"not specified."),
+ (BooleanOption, "encrypt", "no",
+ "Enable PGP encryption. All outgoing mails are encrypted.\n"
+ "This requires that keys for all users (with one of the gpg\n"
+ "roles above or all users if empty) are available. Note that\n"
+ "it makes sense to educate users to also send mails encrypted\n"
+ "to the tracker, to enforce this, set 'require_incoming'\n"
+ "option below (but see the note)."),
+ (Option, "require_incoming", "signed",
+ "Require that pgp messages received by roundup are either\n"
+ "'signed', 'encrypted' or 'both'. If encryption is required\n"
+ "we do not return the message (in clear) to the user but just\n"
+ "send an informational message that the message was rejected.\n"
+ "Note that this still presents known-plaintext to an attacker\n"
+ "when the users sends the mail a second time with encryption\n"
+ "turned on."),
), "OpenPGP mail processing options"),
("nosy", (
(RunDetectorOption, "messages_to_author", "no",