GNU bug report logs -
#47660
Add link to the ticket when someone reply
Previous Next
Reported by: bo0od <bo0od <at> riseup.net>
Date: Thu, 8 Apr 2021 17:40:01 UTC
Severity: normal
Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Bug is archived. No further changes may be made.
Full log
Message #23 received at 47660 <at> debbugs.gnu.org (full text, mbox):
yeah patches provided by email is a mess, thought these stuff are done
using git only since guix is rely on it so emails/tickt system just used
for answering/solving issues.
also thought you were talking about encrypting the messages thats why i
asked who uses that.
for the spam part i dont know about solution for it, but what i know for
sure this is wrong/strange less useful behavior that i dont know any
main project doing it. (which is not attaching link for the
ticket,actually sometimes they even attach link to the reply itself
within the email not just the ticket itself...).
Maxime Devos:
> On Sat, 2021-04-10 at 14:20 +0000, bo0od wrote:
>> what are you talking about? who uses PGP/GPG for a public ticket
>> tracking system?...
>
> I do, Chris Marusich does, Léo Le Bouter does, Efraim Flashner does.
> I probably could find some more examples in my mail archive somewhere.
> Why shouldn't they use PGP? Signing e-mails with PGP allows the
> recipient to verify the e-mails actually came from the supposed sender.
>
> Remember, general discussion is done via e-mails on guix-devel <at> gnu.org,
> bug reports are done via e-mails on bug-guix <at> gnu.org and NNN <at> debbugs.gnu.org
> and patches are done via e-mails on guix-patches <at> gnu.org and NNN <at> debbugs.gnu.org.
>
> Practical use case:
> * I want to test (and, if I were a committer, perhaps merge) one of the gnome
> patch series (bug#47643, by Raghav Gururajan and revised by Leo Prikler).
> * I look over the source code changes, and don't see any obvious nefariousity,
> but perhaps I missed something ...
> * I trust Leo Prikler not to introduce non-obvious nefariousity.
>
> However, e-mail is an unreliable medium, so this patch series might be modified
> by an attacker on-route to my system (and the systems of other people) and the
> attacker might have introduced non-obious nefariousity.
> * I know Leo Prikler signs patch series. The attacker cannot, however, so the
> attacker sends the (forged) patch series unsigned.
> * /me asks Leo Prikler why the patch series is unsigned.
> * The attacker's evil plan is foiled!
>
> Actually, IIRC, Leo Prikler does not sign patch series. It's just an example!
>
> Also, regardless of whether PGP is used, the mangling messes up some headers
> (DKIM, IIRC), leading to e-mails being marked as spam. IIUC, debbugs or the
> mailing list software used to mangle messages, but that is now disabled for
> (at least) that reason.
>
> Greetings,
> Maxime.
>
This bug report was last modified 3 years and 149 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.