Re: [Enigmail] Can somone confirm or deny if PGP/Mime messages verify in Debian Wheezy/IceDove?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 02.05.13 02:40, Grant wrote: On 05/01/2013 01:27 PM, Daniel Kahn Gillmor wrote: Grant, if you can give us any hints about what the problem was (or even better, what specific resolution you needed), that would be a great help to anyone else who might run into the same thing. This is strange. The message I initially noticed the problem on was from you. Andy's messages showed up fine, in both Inline and MIME signing. But this message also shows the signature.asc attachment and doesn't verify. Grant, do you read this mailing list via Gmane (i.e. via a NNTP newsgroups server)? If yes, then it's no surprise that Enigmail won't detect Daniel's signature: some of the required functionality to detect PGP/MIME messages are not available in Thunderbird (and SeaMonkey) for NNTP. - -Patrick -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) iQEVAwUBUYUisck25cDiHiw+AQiPQgf/R51jRxJMmv1ItLGm7Cwnuf4b4bjufMnD w/y6sJdsqjz/ew9Se/0QpCR3e6P4GyC+ZWvIc4ii+KEVSzAW+0J6QekLv6Nmua3S zrORX3NRjUK+RPkFRyQb4MTsFkp2x8HLGpuyfs6m1qbM1KSP28nyXVXGRFlYerw2 cU56fxCp9ffa101KUYQk6sZ7VY0irITKwRCQ4SyqV8TU+ty25RWAplItUMlpTWMd qoiMrIGq/mCDx/WpQc9fx+CZnaBo1YqTaP3WxklC4zUdvkHBNvJD5mc+Uc5YYP4r Kqz9Y3NBxLmLSBgqLdGK5X1FxDTzQe2L3eFgefoFZ62sWuW+DA7SjQ== =gRmJ -END PGP SIGNATURE- ___ enigmail-users mailing list enigmail-users@enigmail.net https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] Can somone confirm or deny if PGP/Mime messages verify in Debian Wheezy/IceDove?
On 05/04/2013 11:01 AM, Patrick Brunschwig wrote: Grant, do you read this mailing list via Gmane (i.e. via a NNTP newsgroups server)? If yes, then it's no surprise that Enigmail won't detect Daniel's signature: some of the required functionality to detect PGP/MIME messages are not available in Thunderbird (and SeaMonkey) for NNTP. Actually, i can confirm that with icedove 10 and the corresponding enigmail 1.4.1, the message signature verifies over NNTP (and over local folders), but does *not* verify over IMAP. this is reported in debian (wheezy contains the above-mentioned versions): http://bugs.debian.org/679640 and was discussed earlier on this list (without resolution) in: http://thread.gmane.org/gmane.comp.mozilla.enigmail.general/17161/focus=17234 If you have any suggestions of what other patches might be useful without requiring a newer version of thunderbird itself, i'd be happy to try them out and report back. thanks for all your work on enigmail! Regards, --dkg signature.asc Description: OpenPGP digital signature ___ enigmail-users mailing list enigmail-users@enigmail.net https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] Can somone confirm or deny if PGP/Mime messages verify in Debian Wheezy/IceDove?
On 5/4/2013 11:27 AM, Daniel Kahn Gillmor wrote: On 05/04/2013 11:01 AM, Patrick Brunschwig wrote: Grant, do you read this mailing list via Gmane (i.e. via a NNTP newsgroups server)? If yes, then it's no surprise that Enigmail won't detect Daniel's signature: some of the required functionality to detect PGP/MIME messages are not available in Thunderbird (and SeaMonkey) for NNTP. Actually, i can confirm that with icedove 10 and the corresponding enigmail 1.4.1, the message signature verifies over NNTP (and over local folders), but does *not* verify over IMAP. this is reported in debian (wheezy contains the above-mentioned versions): http://bugs.debian.org/679640 and was discussed earlier on this list (without resolution) in: http://thread.gmane.org/gmane.comp.mozilla.enigmail.general/17161/focus=17234 If you have any suggestions of what other patches might be useful without requiring a newer version of thunderbird itself, i'd be happy to try them out and report back. thanks for all your work on enigmail! If I may ask why does Debian offer such an old version of Icedove (same as TBird 10 when the current release is 17.0.5) and such an old version of Enigmail (1.4.1) when the current release is 1.5.1? -- David ___ enigmail-users mailing list enigmail-users@enigmail.net https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] Can somone confirm or deny if PGP/Mime messages verify in Debian Wheezy/IceDove?
On 05/04/2013 12:13 PM, David wrote: If I may ask why does Debian offer such an old version of Icedove (same as TBird 10 when the current release is 17.0.5) and such an old version of Enigmail (1.4.1) when the current release is 1.5.1? For the stable version of debian, we offer long-term supported releases that we have time to test and integrate with the rest of the operating system. thunderbird 10 is the extended support release that was available at the time that wheezy (the upcoming stable release) was frozen. We offer the version of enigmail that corresponds with the version of thunderbird that we ship. Regards, --dkg signature.asc Description: OpenPGP digital signature ___ enigmail-users mailing list enigmail-users@enigmail.net https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] Can somone confirm or deny if PGP/Mime messages verify in Debian Wheezy/IceDove?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 5/4/2013 12:51 PM, Daniel Kahn Gillmor wrote: On 05/04/2013 12:13 PM, David wrote: If I may ask why does Debian offer such an old version of Icedove (same as TBird 10 when the current release is 17.0.5) and such an old version of Enigmail (1.4.1) when the current release is 1.5.1? For the stable version of debian, we offer long-term supported releases that we have time to test and integrate with the rest of the operating system. thunderbird 10 is the extended support release that was available at the time that wheezy (the upcoming stable release) was frozen. We offer the version of enigmail that corresponds with the version of thunderbird that we ship. I see. So does that mean that any security 'fixes' have been backported? Or just are they just ignored? - -- David -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.13 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJRhUSHAAoJEI7mbDIOYu+o/6AP/A2+4jOHTaXXhsWp506JfLJ1 3FLqfUNLnPW0IXzNlREQlYxzAphgE6FCyKQJ/ksXIR/Ju1ruGE5EwEoW3XewhUfL AJW3jtKU2A6164evHxbuwbK4TQl4JJ9fgolUV08sAxDGcE8v2tXt0+SKbd2eWouD lbzK1Q6l5SgcLMwQdRrXY22l/L+Xix6b/nHLCHkr93HGZi3j4nDpkcOIqa0N9nCI a7V5ikjphsmplfF1DllcnKltp5teedvusr5WXwjfXHoqBFqZtmQ+v/FY79SDa3eb UWsCuimnytLZcRBski16LkCnoYf8taVsPrmIX/RLYb4z5SKIDg+TMCYBf8lMAgjf nO1Y3x1Z6tayQHH9Pub8wWOlJzNOG2YUXycusB/scV6VcfQxxsUYTLDxbchz/N/z gjWWoJnV4eCGoXvi5aaZXr2VQgJk1oFZK3fvOpohVEkKSEahKPl4bxofJmUn4dTp J03rSWZk5lRJK0pm/VxAVPwy64sq7bavZUQWzlyfTPKnEBHny2RBHOHxfQ90wnK9 zaBf2F8HYbuWFlQOkk9k11RpXU4BG+jPBUaleO8KG8cwMvqQavW75LojDn6t+MOi klNH+pAVb6aftijqbtgHV8vy9ceV5wemHlOBAFCBw3JeTb/Lv569oeVc4K+pRq/M 8G5mLowj91ciu8G71aVh =44cB -END PGP SIGNATURE- ___ enigmail-users mailing list enigmail-users@enigmail.net https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] Can somone confirm or deny if PGP/Mime messages verify in Debian Wheezy/IceDove?
On 05/04/2013 01:25 PM, David wrote: I see. So does that mean that any security 'fixes' have been backported? Or just are they just ignored? Security concerns are not ignored; the goal of any stable release is to maintain a stable set of features and functionality (and APIs and ABIs) while addressing security concerns safely and promptly. Depending on the software in question, this usually involves backporting specific fixes and/or tracking a particular upstream long-term-support release (if it is maintained with a similar set of goals as debian stable). This is getting increasingly off-topic for the engimail list, so i encourage you to read more about the debian security team starting at: http://wiki.debian.org/Teams/Security And about the debian release process at: http://wiki.debian.org/DebianReleases http://www.debian.org/releases/ Thanks for your interest in Debian! Regards, --dkg signature.asc Description: OpenPGP digital signature ___ enigmail-users mailing list enigmail-users@enigmail.net https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
Re: [Enigmail] Can somone confirm or deny if PGP/Mime messages verify in Debian Wheezy/IceDove?
On 05/01/2013 08:40 PM, Grant wrote: On 05/01/2013 01:27 PM, Daniel Kahn Gillmor wrote: Grant, if you can give us any hints about what the problem was (or even better, what specific resolution you needed), that would be a great help to anyone else who might run into the same thing. This is strange. The message I initially noticed the problem on was from you. Andy's messages showed up fine, in both Inline and MIME signing. But this message also shows the signature.asc attachment and doesn't verify. Andy, does Daniel's message verify for you? I just did an install of both icedove and enigmail on an otherwise minimal wheezy system. I think i can replicate the problem, and it is in debian as http://bugs.debian.org/679640 -- in particular PGP/MIME-signed messages with additional parts outside the signature aren't considered signed by enigmail as long as they are accessed over IMAP (they can be seen/verified when stored in local folders or over NNTP). Patrick, this is the issue reported earlier on this list: http://thread.gmane.org/gmane.comp.mozilla.enigmail.general/17161/focus=17234 It does not yet seem to be resolved for the enigmail versions that are marked as compatible with thunderbird 10.0 esr :/ As you can see in that thread, i tried applying d87a8dbc60427 and 641f937d52b20, and this was not sufficient to get the message to verify properly when accessed over IMAP. What can i do to help resolve the issue? Regards, --dkg signature.asc Description: OpenPGP digital signature ___ enigmail-users mailing list enigmail-users@enigmail.net https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
[Enigmail] Can somone confirm or deny if PGP/Mime messages verify in Debian Wheezy/IceDove?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I just installed Wheezy, IceDove, and Enigmail. Inline PGP is verifying for me correctly, but PGP/Mime just shows the signature attachment. I know the standard response is if you're using a version of enigmail built for a distribution, you need to open the bug with them. I thought this was the best place to check to see if my install is just messed up before doing so. IceDove version is listed as 10.0.12 and Enigmail version is listed as 1.4.1. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJRfXeaAAoJEP5F5V2hilTWvpAH/2HEro+9rI36jRqhs9A/9VeU RHVAOlO0WF+68qte7lv1aoB6cVTdxas3/27XAhu8rCSQnFnD/OKA6fTTHmuDDOA0 Dt8cBrIhi2KU2TO2CInTRm+X9GzNzOFG3QiH1WHinC29JUDBnugGHc65mNJmRbl1 GcqJgqwSwEyUHIvKQvgN5hlFPQkFDemiG652OaeKTDr5kh3EArBskz1s/ZrAAWew T97DN4s9dzRDVZ7KKuQ+t9YsLdDxCznmkNGq6VsKWr1XsbelwE+kWl4ORYuoHT/K 5dfM4lp5al5DPNfa9WsZs2Kmhr+/qjpYu9/LRUCE/oboetLmqrfZafHwspFSYYc= =Sh5G -END PGP SIGNATURE- ___ enigmail-users mailing list enigmail-users@enigmail.net https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net