[ale] testing firegpg with mailman
Tim Watts
timtw at earthlink.net
Sun Nov 29 13:16:54 EST 2009
Good sig seen thru evolution 2.28.1. But Michael signed it using evo
2.24.5 -- no firegpg in the equation at all -- unless he's doing some
sneaky header stuff. The same is true for the msg he sent subsequently.
So I guess I don't see how this is relevant.
The claim is not that firegpg is incorrectly reporting sigs as invalid,
it's that sigs *originating* from firegpg AND sent thru mailman are
getting invalidated. From what people on the list have reported so far
this is observable in evolution, thunderbird and gmail.
On Sun, 2009-11-29 at 09:00 -0500, Jim Kinney wrote:
> OK all. Michael sent this email to the group with a valid signature
> attached. It went through mailman and is valid as per FireGPG on my
> fedora12/Firefox 3.5.5 system.
>
> Did anyone get this with a bad signature? Please indicate whether your
> mailreader is Gmail/FireGPG, evolution, thunderbird/enigmail, mutt
> w/gpg, etc.
>
> On Sat, Nov 28, 2009 at 3:18 PM, Michael H. Warfield
> <mhw at wittsend.com> wrote:
> Jim,
>
> On Sat, 2009-11-28 at 14:23 -0500, Jim Kinney wrote:
> > OK. So Mailman is (maybe) munging the gpg signature. Fixing
> that will
> > be a challenge if it's caused by signing the wrong sections
> of the
> > message body.
>
>
> Something is not right here. I run a mailman site supporting
> several
> dozen lists and multiple domains (IT-ISAC, ISAC Council, +++)
> and I
> don't see this problem. We use gpg/pgp all the time on those
> lists.
> Furthermore, my own signatures through the ALE list seem to be
> coming
> through fine.
>
> Couple of years ago, I did run into a problem with MailScanner
> which
> Julian and I took a few days to shoot. In that case,
> MailScanner was
> unpacking the mime and then repacking it (quoted printable in
> that case,
> I believe). While the contents of the attachments remained
> unaltered,
> the encoding encapsulation changed (Mime is ambiguous on
> several points
> and something time MailTools or MimeTools will pack something
> differently than will Evolution or Thunderbird). We had to
> stipulate
> something in MailScanner where the message was passed
> unmolested if
> nothing was found untoward in it, rather than repacking it and
> sending
> it on.
>
> There are a couple of MailScanner Mime settings that could
> impact this
> but I seriously doubt it.
>
> Try this for a test. Send a message back to me and to the
> list. Just a
> Reply-All should do just fine. I can do a byte for bye,
> attachment for
> attachment comparison. Make SURE <mhw at wittsend.com> is on the
> cc list,
> so I get a direct copy. You should be able to verify my
> signatures on
> this message the same way. Compare the results from the ALE
> relay to
> the direct message.
>
> Regards,
> Mike
>
>
> > What is needed now is to test a gpg signature sent from a
> plain text
> > (NOT from firegpg) email through mailman. It needs to be
> tested
> > through both firegpg and regular text email (anyone got a
> quick link
> > to gpg with mutt?).
> >
> > I sent myself a test message from firegpg to myself and NOT
> through
> > mailman. firgpg then reported it as a good signature. That
> leads me to
> > think the issue _is_ with mailman.
> >
> > oh joy. criticizing a gnu codebase ....
> >
> > On Sat, Nov 28, 2009 at 12:41 PM, Jeremy T. Bouse
> > <jeremy.bouse at undergrid.net> wrote:
> > jim.kinney at gmail.com wrote:
> >
> > > This is a simple test of firegpg running on Fedora
> > 12/Firefox 3.5.5
> > >
> > > Please reply with good or bad signature status.
> > >
> >
> >
> > gpg command line and output:
> > /usr/bin/gpg
> > gpg: Signature made Sat 28 Nov 2009 11:04:06 AM EST
> using RSA
> > key ID
> > 6A87D3C5
> > gpg: BAD signature from "James P. Kinney III
> (Physicist,
> > Brewer, Dad)
> > <jimkinney at gmail.com>"
> >
> >
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://mail.ale.org/mailman/listinfo/ale
> > See JOBS, ANNOUNCE and SCHOOLS lists at
> > http://mail.ale.org/mailman/listinfo
> >
> >
> >
> >
> > --
> > --
> > James P. Kinney III
> > Actively in pursuit of Life, Liberty and Happiness
> >
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://mail.ale.org/mailman/listinfo/ale
> > See JOBS, ANNOUNCE and SCHOOLS lists at
> > http://mail.ale.org/mailman/listinfo
> --
>
> Michael H. Warfield (AI4NB) | (770) 985-6132 |
> mhw at WittsEnd.com
> /\/\|=mhw=|\/\/ | (678) 463-0932 |
> http://www.wittsend.com/mhw/
> NIC whois: MHW9 | An optimist believes we live in
> the best of all
> PGP Key: 0x674627FF | possible worlds. A pessimist is
> sure of it!
>
>
>
> --
> --
> James P. Kinney III
> Actively in pursuit of Life, Liberty and Happiness
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
________
You can no more win a war than you can win an earthquake.
-- Jeannette Rankin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 489 bytes
Desc: This is a digitally signed message part
Url : http://mail.ale.org/pipermail/ale/attachments/20091129/f203b17d/attachment.bin
More information about the Ale
mailing list