the securemail ext has: # Mail is made unsecure only if the user does not have a public # key and is not in any security groups. So specifying a public # key OR being in a security group means the mail is kept secure if you're in a security group which has encrypted bugmail enabled, but you haven't provided a public key, you are unable to change your password. for password emails we should use the existence of a public key only, not group membership.
justdave pointed out on irc that this is most probably by design. this looks right after a quick reading of bug 190945. the password reset email which is sent when you haven't provided a key looks like: > This email would have contained sensitive information, and you have not set > a PGP/GPG key or SMIME certificate in the "Secure Mail" section of your user > preferences. > > You will have to contact firstname.lastname@example.org to reset your password. which is very clear about what happened and what needs to happen for someone to reset their password. --> wontfix
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → WONTFIX
Yep; I think the line is "this group needs to be secure; provide a public key or suffer reduced service", not "you have the option of providing a public key to take part in making this group more secure, but you don't have to". Gerv
You need to log in before you can comment on or make changes to this bug.