all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
From: Maxime Devos <maximedevos@telenet.be>
To: bo0od <bo0od@riseup.net>, Leo Famulari <leo@famulari.name>
Cc: 47660@debbugs.gnu.org
Subject: bug#47660: Add link to the ticket when someone reply
Date: Sat, 10 Apr 2021 18:44:19 +0200	[thread overview]
Message-ID: <d2df07bbc70a175ec6bc5495df276eb32eb76c33.camel@telenet.be> (raw)
In-Reply-To: <3fb53146-829a-3829-a1b3-2828f6d03e9a@riseup.net>

[-- Attachment #1: Type: text/plain, Size: 1846 bytes --]

On Sat, 2021-04-10 at 14:20 +0000, bo0od wrote:
> what are you talking about? who uses PGP/GPG for a public ticket 
> tracking system?...

I do, Chris Marusich does, Léo Le Bouter does, Efraim Flashner does.
I probably could find some more examples in my mail archive somewhere.
Why shouldn't they use PGP?  Signing e-mails with PGP allows the
recipient to verify the e-mails actually came from the supposed sender.

Remember, general discussion is done via e-mails on guix-devel@gnu.org,
bug reports are done via e-mails on bug-guix@gnu.org and NNN@debbugs.gnu.org
and patches are done via e-mails on guix-patches@gnu.org and NNN@debbugs.gnu.org.

Practical use case:
* I want to test (and, if I were a committer, perhaps merge) one of the gnome
  patch series (bug#47643, by Raghav Gururajan and revised by Leo Prikler).
* I look over the source code changes, and don't see any obvious nefariousity,
  but perhaps I missed something ...
* I trust Leo Prikler not to introduce non-obvious nefariousity.

  However, e-mail is an unreliable medium, so this patch series might be modified
  by an attacker on-route to my system (and the systems of other people) and the
  attacker might have introduced non-obious nefariousity.
* I know Leo Prikler signs patch series.  The attacker cannot, however, so the
  attacker sends the (forged) patch series unsigned.
* /me asks Leo Prikler why the patch series is unsigned.
* The attacker's evil plan is foiled!

Actually, IIRC, Leo Prikler does not sign patch series.  It's just an example!

Also, regardless of whether PGP is used, the mangling messes up some headers
(DKIM, IIRC), leading to e-mails being marked as spam.  IIUC, debbugs or the
mailing list software used to mangle messages, but that is now disabled for
(at least) that reason.

Greetings,
Maxime.

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 260 bytes --]

  reply	other threads:[~2021-04-10 16:45 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-04-08 17:38 bug#47660: Add link to the ticket when someone reply bo0od
2021-04-08 18:45 ` Leo Famulari
2021-04-09 20:44   ` bo0od
2021-04-10 10:45     ` Maxime Devos
2021-04-10 14:20       ` bo0od
2021-04-10 16:44         ` Maxime Devos [this message]
2021-04-10 20:13           ` bo0od
2021-04-15 14:24         ` Bonface Munyoki K.
2021-04-15 17:00           ` bo0od
2021-04-15 17:51             ` Maxime Devos
2021-04-16  2:38               ` bo0od
2022-03-18  2:56       ` Maxim Cournoyer

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=d2df07bbc70a175ec6bc5495df276eb32eb76c33.camel@telenet.be \
    --to=maximedevos@telenet.be \
    --cc=47660@debbugs.gnu.org \
    --cc=bo0od@riseup.net \
    --cc=leo@famulari.name \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.