GpgME's signature status is currently really bad for GpgME clients. You have to somehow mix together the signature summary and the signature validity to get an idea of what really happened. In a MUA you then also need to mix in the UID validity of the UID matching the sender. This is even without TOFU. Oh, and do you want some origin with that?
This results in a very large tree of possibilities and is not nice to use (e.g. https://dev.gnupg.org/source/gpgol/browse/master/src/mail.cpp;d719c98902827d07af7619c9d19b4f2752bd0862$2368 ). If you include the helper functions used in that function, it's really a lot of code just to figure out what kind of information GPGME (and thus GnuPG) is trying to communicate.
It's also error prone and thus might be a security problem. E.g. I had code like:
    if (m_uid.origin() == GpgME::Key::OriginWKD &&
        (sig.validity() == Signature::Validity::Unknown ||
         sig.validity() == Signature::Validity::Marginal))
      {
        // WKD is a shortcut to Level 2 trust.
        log_debug ("%s:%s: Unknown or marginal from WKD -> Level 2", SRCNAME, __func__);
      }
Which was actually a security problem, because validity Unknown can also happen on errors. But now do I need to check for summary::green? What does "green" even mean? Is it green when the key had unknown validity?
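To make the failure mode concrete, here is an added example (not code from this issue, from GpgOL or from GpgME) that puts the unsafe check next to an ordering that checks the error state first. The enums and the SigInfo struct are a constructed stand-in whose numeric values mirror gpgme.h (gpgme_sigsum_t, gpgme_validity_t, gpgme_keyorg_t); the Verdict mapping and the function names are the example's own assumptions, not GpgME's API.

```cpp
#include <cstdio>

// Constructed stand-in for the fields a GpgME verification result carries.
// Numeric values mirror gpgme.h; the struct itself is NOT a GpgME type.
enum Summary : unsigned {
    SUM_VALID = 0x0001, SUM_GREEN = 0x0002, SUM_RED = 0x0004,
    SUM_KEY_REVOKED = 0x0010, SUM_KEY_EXPIRED = 0x0020, SUM_SIG_EXPIRED = 0x0040,
    SUM_KEY_MISSING = 0x0080, SUM_CRL_MISSING = 0x0100, SUM_CRL_TOO_OLD = 0x0200,
    SUM_BAD_POLICY = 0x0400, SUM_SYS_ERROR = 0x0800, SUM_TOFU_CONFLICT = 0x1000
};
enum Validity { VAL_UNKNOWN = 0, VAL_UNDEFINED, VAL_NEVER, VAL_MARGINAL, VAL_FULL, VAL_ULTIMATE };
enum Origin { ORIGIN_UNKNOWN = 0, ORIGIN_KS = 1, ORIGIN_DANE = 3, ORIGIN_WKD = 4,
              ORIGIN_FILE = 5, ORIGIN_SELF = 6 };

struct SigInfo {
    unsigned status;       // error code of the signature; 0 means no error
    unsigned summary;      // bitmask of Summary flags
    Validity sigValidity;  // what Signature::validity() reports
    Validity uidValidity;  // validity of the UID matching the sender
    Origin   uidOrigin;    // where that UID came from
};

// One outcome a MUA can render, instead of re-deriving it from three fields.
enum class Verdict { Error, Bad, KeyMissing, Unverified, Marginal, Trusted };

// The shortcut from the issue, reduced to a predicate: it looks only at
// origin and validity, so it fires on an error result as well.
bool unsafeWkdShortcut(const SigInfo& s) {
    return s.uidOrigin == ORIGIN_WKD &&
           (s.sigValidity == VAL_UNKNOWN || s.sigValidity == VAL_MARGINAL);
}

// Hardened ordering: settle the error state before validity is consulted.
Verdict classify(const SigInfo& s) {
    // 1. Errors and hard failures first. Validity is Unknown on errors too,
    //    so reading validity before status is exactly the bug above.
    if (s.summary & SUM_SYS_ERROR) return Verdict::Error;
    if (s.summary & (SUM_RED | SUM_KEY_REVOKED | SUM_KEY_EXPIRED | SUM_SIG_EXPIRED |
                     SUM_BAD_POLICY | SUM_TOFU_CONFLICT))
        return Verdict::Bad;
    if (s.summary & SUM_KEY_MISSING) return Verdict::KeyMissing;
    if (s.status != 0) return Verdict::Error;   // any other error: do not guess

    // 2. Only now does validity mean what it looks like. Use the weaker of
    //    the signature's and the sender UID's validity (conservative choice).
    Validity v = s.sigValidity < s.uidValidity ? s.sigValidity : s.uidValidity;
    if (v == VAL_NEVER) return Verdict::Bad;
    if (v == VAL_FULL || v == VAL_ULTIMATE) return Verdict::Trusted;
    if (v == VAL_MARGINAL) return Verdict::Marginal;

    // 3. The WKD shortcut is reached only after the signature itself checked out.
    if (s.uidOrigin == ORIGIN_WKD) return Verdict::Marginal;
    return Verdict::Unverified;
}

int main() {
    // Constructed sample: a failed verification (nonzero status) from a WKD key.
    SigInfo failed{7, SUM_SYS_ERROR, VAL_UNKNOWN, VAL_UNKNOWN, ORIGIN_WKD};
    std::printf("unsafe shortcut fires: %d, classify says error: %d\n",
                unsafeWkdShortcut(failed), classify(failed) == Verdict::Error);
    return 0;
}
```

The tests below feed the same constructed results to both functions: the shortcut alone upgrades a result whose status is an error, while the ordered check reports Error and grants the WKD shortcut only on a clean result.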
We need a much cleaner API with better documentation. This can of course be added alongside the existing API so as not to break things.
I'm assigning this to me to draft something.