Bug#838805: DSA 3676 announcement email lack charset header

2016-09-25 Thread Adrian Bunk
On Sun, Sep 25, 2016 at 04:46:55PM +0200, Salvatore Bonaccorso wrote:
> Hi Adrian,
> 
> On Sun, Sep 25, 2016 at 05:16:18PM +0300, Adrian Bunk wrote:
> > On Sun, Sep 25, 2016 at 03:44:14PM +0200, Salvatore Bonaccorso wrote:
> > > Hi Adrian,
> > 
> > Hi Salvatore,
> > 
> > > On Sun, Sep 25, 2016 at 07:01:49AM +0300, Adrian Bunk wrote:
> > > > Package: security.debian.org
> > > > Severity: minor
> > > > 
> > > > https://lists.debian.org/debian-security-announce/2016/msg00256.html
> > > > 
> > > > "Tuomas Räsänen" - that name is not displayed properly due to lack
> > > > of an email header for the charset of the contents.
> > > > 
> > > > Something like
> > > >   Content-Type: text/plain; charset=utf-8
> > > > is missing.
> > > > 
> > > > I don't care about this past DSA, but it would be nice if you could
> > > > fix that for future DSAs.
> > > 
> > > Thanks. I have added according notes to our documentation, when the DSA
> > > text needs to contain non-ASCII charset
> > 
> > thanks.
> > 
> > > (although the standard is
> > > still, that since we need to GPG sign inline, to use only ASCII
> > > charset).
> > 
> > What is the problem?
> > 
> > This email contains both an inline signature and the string "Räsänen".
> > Is anything about that not working properly?
> 
> It was, AFAICR, to avoid problems like in the thread starting at
> https://lists.debian.org/debian-security/2010/05/msg1.html . But
> maybe we can consider that not being a problem anymore.

#580896 is still open and (as expected) I was able to reproduce it with 
Sylpheed 3.5.1-1+b1 in unstable.

So with inline signatures your choices are:
- use only ASCII in DSA announcement emails, changing names of people to
  ASCII variants. or
- use UTF-8, and document in the FAQ that Sylpheed has a bug that might 
  sometimes result in wrong signature reported for users using non-UTF-8 
  locales. [1]

> In any case thanks again for your report, with our documentation
> updated it hopefully should not happen on future DSAs.
> 
> Regards,
> Salvatore

cu
Adrian

[1] DSA 2040-1 was using charset=iso-8859-1 in the header, but using a 
buggy MUA and not using a UTF-8 locale should keep the number of 
affected users as small as possible (the whole signature checking 
in Sylpheed is also more a hack you have to copy from the 
documentation than a properly supported feature)

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed
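
An added illustration of the two points in this thread, not part of any message above: a UTF-8 body sent without a `charset` parameter is decoded as US-ASCII and the name is mangled, and a digest taken over the body bytes changes if the text is re-encoded, while an ASCII-only body is unaffected. The sample message, the helper names and the use of SHA-256 as a stand-in for the hash an inline signature covers are assumptions made for this example.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed sample body, modelled on the name quoted in the thread.
BODY = "Reported by Tuomas Räsänen.\n"
SUBJECT = "constructed sample announcement"


def build_raw(body, declare_charset):
    """Raw message bytes with a UTF-8 body, with or without a charset header."""
    if declare_charset:
        msg = EmailMessage()
        msg["Subject"] = SUBJECT
        msg.set_content(body, charset="utf-8", cte="8bit")
        return msg.as_bytes()
    # Same body bytes, but no Content-Type header at all.
    return ("Subject: %s\n\n" % SUBJECT).encode("ascii") + body.encode("utf-8")


def displayed_text(raw):
    """Return (declared charset, text) as a standards-following reader decodes it."""
    msg = message_from_bytes(raw, policy=policy.default)
    # With no charset parameter, text/plain falls back to US-ASCII.
    return msg.get_content_charset(), msg.get_content()


def digest(body, charset):
    """SHA-256 over the encoded body: a stand-in for the hash a signature covers."""
    return hashlib.sha256(body.encode(charset)).hexdigest()


def survives_reencoding(body, signed_as, seen_as):
    """True if the digest is unchanged when the text is re-encoded."""
    return digest(body, signed_as) == digest(body, seen_as)


if __name__ == "__main__":
    for declared in (True, False):
        print(declared, displayed_text(build_raw(body=BODY, declare_charset=declared)))
    print(survives_reencoding(BODY, "utf-8", "iso-8859-1"))              # non-ASCII body
    print(survives_reencoding("Tuomas Rasanen\n", "utf-8", "iso-8859-1"))  # ASCII body
```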



Bug#838805: DSA 3676 announcement email lack charset header

2016-09-25 Thread Salvatore Bonaccorso
Hi Adrian,

On Sun, Sep 25, 2016 at 05:16:18PM +0300, Adrian Bunk wrote:
> On Sun, Sep 25, 2016 at 03:44:14PM +0200, Salvatore Bonaccorso wrote:
> > Hi Adrian,
> 
> Hi Salvatore,
> 
> > On Sun, Sep 25, 2016 at 07:01:49AM +0300, Adrian Bunk wrote:
> > > Package: security.debian.org
> > > Severity: minor
> > > 
> > > https://lists.debian.org/debian-security-announce/2016/msg00256.html
> > > 
> > > "Tuomas Räsänen" - that name is not displayed properly due to lack
> > > of an email header for the charset of the contents.
> > > 
> > > Something like
> > >   Content-Type: text/plain; charset=utf-8
> > > is missing.
> > > 
> > > I don't care about this past DSA, but it would be nice if you could
> > > fix that for future DSAs.
> > 
> > Thanks. I have added according notes to our documentation, when the DSA
> > text needs to contain non-ASCII charset
> 
> thanks.
> 
> > (although the standard is
> > still, that since we need to GPG sign inline, to use only ASCII
> > charset).
> 
> What is the problem?
> 
> This email contains both an inline signature and the string "Räsänen".
> Is anything about that not working properly?

It was, AFAICR, to avoid problems like in the thread starting at
https://lists.debian.org/debian-security/2010/05/msg1.html . But
maybe we can consider that not being a problem anymore.

In any case thanks again for your report, with our documentation
updated it hopefully should not happen on future DSAs.

Regards,
Salvatore



Bug#838805: DSA 3676 announcement email lack charset header

2016-09-25 Thread Adrian Bunk
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, Sep 25, 2016 at 03:44:14PM +0200, Salvatore Bonaccorso wrote:
> Hi Adrian,

Hi Salvatore,

> On Sun, Sep 25, 2016 at 07:01:49AM +0300, Adrian Bunk wrote:
> > Package: security.debian.org
> > Severity: minor
> > 
> > https://lists.debian.org/debian-security-announce/2016/msg00256.html
> > 
> > "Tuomas Räsänen" - that name is not displayed properly due to lack
> > of an email header for the charset of the contents.
> > 
> > Something like
> >   Content-Type: text/plain; charset=utf-8
> > is missing.
> > 
> > I don't care about this past DSA, but it would be nice if you could
> > fix that for future DSAs.
> 
> Thanks. I have added according notes to our documentation, when the DSA
> text needs to contain non-ASCII charset

thanks.

> (although the standard is
> still, that since we need to GPG sign inline, to use only ASCII
> charset).

What is the problem?

This email contains both an inline signature and the string "Räsänen".
Is anything about that not working properly?

> Regards,
> Salvatore

cu
Adrian

- -- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlfn3DIACgkQmfzqmE8StACF0ACfVxt5cL/xUgSmuIXZTI15TPt+
9/MAnA5TCodZ1Rf1Kg7O1ZPYwtoAw9ua
=lurZ
-----END PGP SIGNATURE-----



Bug#838805: DSA 3676 announcement email lack charset header

2016-09-24 Thread Adrian Bunk
Package: security.debian.org
Severity: minor

https://lists.debian.org/debian-security-announce/2016/msg00256.html

"Tuomas Räsänen" - that name is not displayed properly due to lack
of an email header for the charset of the contents.

Something like
  Content-Type: text/plain; charset=utf-8
is missing.

I don't care about this past DSA, but it would be nice if you could
fix that for future DSAs.