ideal.dll // fixing thread breaking

Steve steve at gpgtools.org
Fri Jun 29 18:00:03 CEST 2012


Hey all,

not meaning to spark up new discussions about this issue (we've had that before). But I really think, the energy invested in this discussion would be better invested in writing mailman tweaks.

Also, someone mentioned, that there already in fact *is* a mailman patch for PGP/MIME to work properly? Do I recall that memory correctly? I'm stunned that this issue keeps coming up.

http://www.gnu.org/software/mailman/ says Mailman 2.1.15 has been released on 13-June-2012. Is the patch in question included in that release?

Imo, things should rather move forward than stagnate and arguing that a mailing list software breaks PGP/MIME is fine. But as a consequence arguing for a non documented standard (OpenPGP Inline) is strange. I'd rather argue, that mailman needs a fix.

Let's not start a war over this. But could someone please elaborate why mailman after such a long time still breaks PGP/MIME?

All the best and kind regards,
steve


Am 29.06.2012 um 17:48 schrieb Robert J. Hansen:

> On 06/29/2012 08:06 AM, Brad Rogers wrote:
>>> If you ask on Enigmail mailing list, they will tell you that that
>>> issue is with Mailman (or other mailing list software) which messes up
>>> with headers and makes PGP/MIME unverifiable. They will also say that
>> 
>> Headers are outside what is signed, surely?
> 
> Mika is more or less right, except it isn't headers -- it's the PGP/MIME
> attachment separator.  Mailman makes a very slight tweak and that's
> enough to bollix up the signature.
> 
> This mailing list does not play nice with PGP/MIME, the last time I
> checked.  (For a long time Enigmail's list didn't, either, but that
> problem has since been fixed.)  In general, PGP/MIME with GNU Mailman is
> always a roll of the dice.
> 
> <begin speaking-for-Enigmail>
> 
> And yes, Mika is right: that's why Enigmail recommends inline OpenPGP.
> We've all seen PGP/MIME break in too many different contexts.  For
> instance, I've seen MTAs that strip off attachments, inspect the
> attachments for malware, then re-attach them but with very slight
> differences that break PGP/MIME.  I've seen MUAs that can't understand
> it, mailing list software that breaks it, and so on.
> 
> PGP/MIME is a superior technical standard, but it's quite fragile.  We
> believe PGP/MIME is the clear choice *if possible*, but given how often
> it's not possible we recommend inline OpenPGP by default.
> 
> <end speaking-for-Enigmail>
> 
> (This message is PGP/MIME signed.  I know my system works correctly with
> PGP/MIME and that neither my MUA nor MTA mangle it.  If it's not coming
> through, the most likely culprit is the list's GNU Mailman installation.)
> 
> 
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20120629/38d21fb1/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: </pipermail/attachments/20120629/38d21fb1/attachment.pgp>


More information about the Gnupg-users mailing list