Composer: Offer to send without encryption when key is missing
Hello and Merry Christmas,
I am user of Gnome Evolution since some years. I generated a GPG certificate and use Evolution with GPG.
Today, I discussed with a friend about a problem I noticed in Evolution and I would like to suggest to you an upgrade, an improvement related to ergonomy.
I looked for a developpement forum where I could post my message and I found the "evolution-hackers mailing list" here https://wiki.gnome.org/Apps/Evolution. I sent an email but the moderator adviced me to post here (https://gitlab.gnome.org/GNOME/evolution/-/issues/new). There is also the github (https://github.com/GNOME/evolution) but I don't know if it is the right place to post my suggestions of improvement. Please, if I did not post on the right place, tell me where I should post my idea.
Please note that it is not a bug report, just an advice from a user who know GPG and understand that most people does not use it. At the moment, we have to choose if we want encrypt the email or if we don't want encrypt. If we want that people adopt GPG, we should add an option to encypt automatically when it is possible. It is the same with SSL/TLS. Now, a lot of website use https and it is automatic without having to choose it...
Firstly, I want to say that I would like to sign and encypt my messages the most often as possible. I would like that signature and encyption are an automatic behaviour and the default behaviour. For this reason, I configured preferences of Evolution as shown in attached picture (cf EvolutionA.png).
As you can see in attached picture EvolutionB.png, when I create a new email, the signature and encryption are automatically checked/enabled. This is the same when I reply to an email from incomming mailbox, or if I use the forward function. This is perfect !
In a perfect world in which everybody would use a GPG certificate, I would not explain what will follow. However, I noticed that about 90% of my email recipient does not have a GPG certificate. So I don't have the choice, I can not use GPG with them.
If you look at attached picture EvolutionC.png, you will see an error which occure when I try to send an email to people who does not have GPG. This a normal behaviour from Evolution. It just say me : "Warning, you can not encrypt this email because the recipient does not have a GPG certificate."
So, I take 15 seconds to read the error message and understand what happened. Then, I decicide that my email does not contain critical datas and I decide to send it without encryption.
So, if you look at picture EvolutionD.png, you can see what I usually do after having this error.
Firstly, I disable the encryption and then, I send the email again. Finally, It work and the mail have been sent.
The problem is that in a normal day, I send 100 emails ;-) So, I read 90 errors messages (then, I disabled the encryption, waited 20 seconds and sent again, without encryption). Finally, only 10 messages among 100 are sent with signature and encryption without error message. At the end of the day, I waited 20 seconds * 90 = 1800 seconds = half hour, only to read errors messages due to people does not have GPG certificate !
I would suggest to modify the buttons of Evolution as shown in picture EvolutionE.png.
Please note that I added a button related to encryption. Before, there was only 2 buttons, now, there is 3.
This button is called "Try to encrypt". This is not the same as "Mandatory encryption". By this way, you can specify a encryption policy, a security policy. The aim is to specify a default security behaviour for all new email you write.
For instance, if "Mandatory encryption" is checked, the email can not be send if the recepient does not have a valid GPG certificate. This is the current behaviour previously described. An error message is diplayed and the user have to uncheck manuellay the encyption button. The user decide to send the message without encryption if he want. If the message contains confidential data, the user will choose another communication channel.
The button "try to encrypt" is not the same level of requirement. This is the level I need... If this button is enabled, Evolution will try to send the message with encryption... but if the recipient does not have PGP, I don't care... I accept to send without encryption. So, with this button, I will not see an error message. If Evolution failed to send with encryption, it automatically send without encryption.
This button can be called "encryption prefered.".
Maybe, in 6 months or 6 years, this post can provide an idea to a developper who is working on this part of Evolution. However I did not plan to implement it myself because I don't know Evolution and I contribute to other projects.
Regards, Nicolas