Page MenuHome GnuPG

Kleopatra: Warn if a certificate in a group is deleted
Open, NormalPublic


If I import a group definition and delete one of the included certificates afterwards, the certificate is no longer shown in the group definition and therefore no longer used for encryption to that group.

This may cause confusion especially in the context of encrypted group mails. A users might not always be aware who is participant in a group mail address (as group membership is not shown in the certificate list, see also T6240) and might delete a certificate of the group. The result would be that that person would then get a mail which is not encrypted to them.

I propose
a) a warning when attempting to delete a certificate which is in a group
b) an optional column in the certificate view displaying the group memberships of a certificate



Event Timeline

This pretty much highlights a general problem of groups: If the distribution groups for the email client are managed independently from the certificate groups then there will inevitably be discrepancies. The obvious solution is the usage of groups managed by a central service for email addresses and certificates. (Or an encrypted mailing list service.)

a) is a good idea.
b) is already covered by T6240: Kleopatra: Add column for groups in the certificate view.

aheinecke renamed this task from Kleopatra: handling of keys/certificates which are in a group to Kleopatra: Warn if a certificate in a group is deleted.Mar 15 2023, 10:15 AM
aheinecke triaged this task as Normal priority.
aheinecke added a subscriber: aheinecke.

I changed the title of the issue to make it about adding the warning. I also think that is a good idea to avoid confusion / accidents.