Currently, all key filters always show all key groups, even when none of their keys matches the filter.
I'm not sure whether a group should be considered "matching" when some of the keys match (but not all), but the current behavior feels broken.
Currently, all key filters always show all key groups, even when none of their keys matches the filter.
I'm not sure whether a group should be considered "matching" when some of the keys match (but not all), but the current behavior feels broken.
Status | Assigned | Task | ||
---|---|---|---|---|
Open | • TobiasFella | T6916 Kleopatra group related improvements | ||
Testing | • TobiasFella | T6970 Kleopatra: Hide non-matching keygroups when using a key filter |
Yes I think that some keys must match, e.g. if you filter for S/MIME you only want to see groups where at least one S/MIME certificate is part of the group. Or for expired to see if there are groups with expired certificates in them.
I'm wondering whether we didn't do this for a reason. Currently, groups are only used in the certificate line edit. Didn't we want to show all groups to give the user the chance to notice a group containing an unsuitable key? If we filter out the group then the user will have a much harder time to find out why the group isn't offered. Things may be different for the key selection combo box which is primarily (or exclusively?) used for the user's own keys without even offering groups.
Update: I checked the code. We currently only check for expiry, but we don't seem to check if a group is actually usable for encryption so the user will probably only notice that there's a problem when they try to encrypt.
I think I haven't been clear enough about the issue for this ticket, sorry about that. My main concern here is that in Kleopatra's Certificate Selection Dialog, the key filters don't filter the keygroups at all, i.e., if i select the "OpenPGP Certificates" filter, a group containing only SMIME keys is still visible.
Is also an excellent point
In the Certificate Selection Dialog where the user controls the filter it makes sense to apply them also to key groups. The only question is how, i.e. with all_of or with any_of? I'm leaning towards any_of, e.g. if "OpenPGP Certificates" is selected then all key groups are shown that contain at least one OpenPGP certificate. This would also address my concern that key groups could be hidden if they contain an unsuitable key because they would only be hidden if all keys are unsuitable.