Created attachment 140865
screenshot of the green path with sender/receiver

SUMMARY
Using a trusted key to sign with a UID that it doesn't have shouldn't be green. Note: Evolution warns about this.

STEPS TO REPRODUCE
1. Create 2 sets of full GPG keys.
2. Use another client to sign sending one of your emails with the other email's key. I did this with a misconfiguration via FairEmail.

OBSERVED RESULT
KMail shows green and all happy.

EXPECTED RESULT
KMail should show yellow or red because that key isn't approved for that UID.

SOFTWARE/OS VERSIONS
Windows:
macOS:
Linux/KDE Plasma:
(available in About System)
KDE Plasma Version:
KDE Frameworks Version:
Qt Version:

ADDITIONAL INFORMATION
Kmail: 5.18.0
Operating System: Manjaro Linux
KDE Plasma Version: 5.22.4
KDE Frameworks Version: 5.85.0
Qt Version: 5.15.2
Kernel Version: 5.10.59-1-MANJARO (64-bit)
Graphics Platform: Wayland
Processors: 8 × Intel® Core™ i7-10610U CPU @ 1.80GHz
Memory: 15.4 GiB of RAM
Graphics Processor: Mesa Intel® UHD Graphics
To me, this should be *red*. The problem here is that if your key is compromised but not your email, someone could still send messages as you, and people who've already imported your key might not even notice the mismatch.
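The check requested in this report, sketched as an added example (not KMail's code and not posted by any participant): compare the From address against the usable UIDs of the key that made the signature, using constructed `gpg --with-colons --list-keys` output. The function names, result labels, fingerprints and addresses are all assumptions made for illustration.

```python
from email.utils import parseaddr

# Constructed sample in the format of `gpg --with-colons --list-keys`.
# Fingerprints and addresses are made up.
LISTING = """\
pub:u:255:22:AAAAAAAAAAAAAAAA:1629000000:::u:::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
uid:u::::1629000000::0000::Alice <alice@example.org>:
sub:u:255:18:BBBBBBBBBBBBBBBB:1629000000::::::e:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB:
pub:u:255:22:CCCCCCCCCCCCCCCC:1629000000:::u:::scESC:
fpr:::::::::CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC:
uid:u::::1629000000::0000::Alice Work <alice@work.example>:
uid:r::::1629000000::0000::Alice <old@example.org>:
"""

def index_keys(listing):
    """Map every fingerprint (primary and subkey) to its key's usable UIDs."""
    index, uids = {}, None
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            uids = []                    # a new key block starts here
        elif f[0] == "fpr" and uids is not None:
            index[f[9].upper()] = uids   # shared list, so later uid records count
        elif f[0] == "uid" and uids is not None and f[1] not in ("r", "e", "i", "n"):
            # f[1] is the UID validity: skip revoked, expired, invalid, not valid.
            # C-style escapes in f[9] are not decoded; the sample has none.
            uids.append((f[1], parseaddr(f[9])[1].lower()))
    return index

def check_signer(signer_fpr, from_header, listing=LISTING):
    """Classify a cryptographically valid signature against the sender address."""
    uids = index_keys(listing).get(signer_fpr.upper())
    if uids is None:
        return "unknown-key"
    # Simplification: the whole address is compared case-insensitively.
    sender = parseaddr(from_header)[1].lower()
    matches = [validity for validity, addr in uids if addr == sender]
    if not matches:
        return "uid-mismatch"  # trusted key, but not bound to this sender
    trusted = any(v in ("f", "u") for v in matches)
    return "match-trusted" if trusted else "match-untrusted"

if __name__ == "__main__":
    # The scenario from the report: key C signs mail sent as alice@example.org.
    print(check_signer("C" * 40, "Alice <alice@example.org>"))
```

How a client maps `uid-mismatch` to a colour (yellow or red, as discussed in this report) is a presentation decision left outside the sketch.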