Before making subtickets for each application: I wonder if it is not all Kleopatra anyway? Isn't the security approval dialog basically Kleopatra?

The equivalent for invalid S/MIME certificates are not-certified *PGP certificates.
(Valid/invalid are not ideal as technical terms as they have a broad general meaning, too. I hope my usage here is correct ;-) It is what I gathered from an explanation given by Werner.)

Invalid certs (as stated in the status column in Kleopatra) are mainly S/MIME certs (e.g. with missing root cert, CRL check failed, etc). I haven't seen invalid pgp certs yet (might be e.g. very old ones with missing self signature).

Invalid and expired are different cases.

Issue 1) should be implemented as already described (on error -> dialog to retry with "always trust" flag)

@ebo and me talked about this and T6701: GpgOL: Use GPGME_ENCRYPT_ALWAYS_TRUST. We think, it's best to have a short meeting to discuss further changes.

Patch was merged upstream (KF 6.25): 332678d8a4f635d6938eb3e9ec03d845aa89697a

I have added the fix as patch for VSD 3.3 because the commits that introduced this regression were also added as patches for VSD 3.3.

This is a regression that was introduced with T7759: Kleopatra: Notepad encryption with S/MIME fails.

Fixed. For VSD 3.4 this will also be fixed if gpgme is updated.

This is a bug in gpgme. gpgsm_assuan_simple_command only reads a single line before waiting for more data although there is a second line (ERR ...) ready to be read. gpgsm never sends more data because it has already sent its full answer. So gpgme waits forever.

Note that KWatchGnuPG isn't available on Windows.

Fixed. KWatchGnuPG doesn't modify GnuPG config files anymore. Instead one has to set socket:// as log file for the components one wants to see in KWatchGnuPG.

Ticket for the hang on file encryption: T8187: Kleopatra: File encryption with invalid S/MIME certificate hangs indefinitely

According to Werner, that should be:

Maybe those smime certs will do:

It needs to be clarified which kind of errors should be handled and which kind of S/MIME certificates should be allowed to be used for encryption:

• Valid certificates where the CRL check (or OCSP check?) fails
• Invalid certificates (e.g. because of incomplete chain/missing CA)
• Expired certificates

Do we have a test certificate for this? The certificate in T6702#176845 is expired.

After talking to Werner I lower the prio as apparently there is no direct customer request for this

Pushed the change of gpgme: rM8b89678aed6d: Fix passphrase cancel handling.

Pushed the last change: rG2239f687bb14: scd:openpgp: UI improvement for use of PIN-entry.

Backported for VSD 3.4

Should be backported to VSD 3.4 because these changes amend T7212: Problems with certificate colors / styles.

Backported for VSD 3.4

The remaining open points of this ticket will be "won't fix" for now. When we plan to change something here, we should open new tickets, this one got confusing.

I put the new menu entries below the menu entry for the Quick Guide into the Help menu.

Done. And backported for VSD 3.4.

Note: I noticed that most of the old documents use underscores instead of hyphens in the document names. It doesn't really matter, but being consistent makes it easier to avoid typos.

Backported for VSD 3.4

To avoid confusion the outer folder is now kept if the name of the archived folder doesn't match the name of the archive.

Done.

Sound sensible. Ok, then this ticket will only revert T8022 for archives which were renamed.

1. That the users focus on the documentation which is more important for them.
2. That the menu is not too long. This point will be +/- moot now but removing "more documentation" now would make extra work.

And 1) stays valid. So I'd keep it in place until all the new documentation is available. Unless @ikloecker sees this differently

Good point! Just to clarify: there are several chapters that appear in both the User Manual and the Administrator Manual, each with a different focus. Smartcards, Backup, and Trust Management are topics covered in both.

This is a bit larger change (of UI improvement):

It is clearly not implemented for S/MIME: rKLEOPATRA9eed4a45ed93 but it should be.

It's not that simple. The user could have decrypted multiple archives. Showing an additional message box after all decrypted archives have been moved to the final destination somehow doesn't feel right. And what if an archive and a regular file were decrypted? Should the additional message box also show the final destination of the regular file? I think this needs more thought.

Please keep in mind, that for the 3.4 release, we will most likely only have the User Manual ready, not sure about the Administrator Manual.

I consider again about Ben's change. It could be simply support of the detection of the cancel situation where gpgme should return GPG_ERR_CANCELED (not related to single cancellation vs. whole cancellation).

I can't remember why Ben introduced the new status. OTOH, I wish that the Qt-Pinentry also emits a button_info line for closing the window. Normal users don't notice the difference but if you have a lot of private keys and you get a mail which has only hidden recipients the full_canceled is pretty useful. Also for other tasks like allow-mark-trusted: On Windows with the qt-pinentry I am always cursing about this but on my box I only need to close the pinentry window to get a fully_canceled

Alternative suggestion:

added vsd34 for the resetting of the defaults

I investigated the introduction of STATUS_CANCELED_BY_USER and GPGME_STATUS_CANCELED_BY_USER:
rG31e47dfad0f4: gpg: Add canceled status message.
rM35ca460019ea: Parse STATUS_CANCELED_BY_USER.

Filter 16 is the new filter for valid certificates. The problem could be that the version you tested did not yet have this filter.

@ikloecker I'd like it if we could backport the resetting of the preferences to vsd34.

Font selection dialog lets the user choose a font size, which is then not respected - can we disable selecting the font size?

I cannot reproduce this on gpg4win-5.0.2-beta-2 @ win11 either, so I set this to resolved.

Please briefly try to reproduce on Windows with Gpg4win 5.0.2. At lot has changed since this ticket was created so that it might be fixed already.

I cannot reproduce the empty dialog on Linux with the current build. I always see a correct result dialog for the readable file.

We use individual texts now that all follow the pattern "Detailed results of import from ..." for import from file (file name is displayed), clipboard, notepad, smart card, WKD (URL is displayed), server ("keyserver" or "LDAP server").

Note: This isn't included in Gpg4win 5.0(.2).

Note: This isn't included in Gpg4win 5.0(.2).

Note: This isn't included in Gpg4win 5.0(.2).

Note: This isn't included in Gpg4win 5.0(.2).

I stand partially corrected. Apparently, pinentry-efl also sets close_button. For Gpg4win that's irrelevant because we ship pinentry-qt (and pinentry-w32) which doesn't have this IMHO contra-intuitive behavior.