Apologies, I was eager to get some feedback and forgot to mention that the intention was to get rid of the perl part and move verification into and trac ticket management into the same script.
I am now managing the trust part of the signature verification (
https://gitweb.torproject.org/admin/trac/trac-email.git/
), but still heavy WIP.
Will ask for feedback when I have a more complete prototype, so it is more clear how I want this to work.
-s
On 12/12/16 23:29, Peter Palfrader wrote:
On Mon, 12 Dec 2016, Silvia [Hiro] wrote:
I have shared the first version here: https://gitweb.torproject.org/admin/trac/trac-email.git/
You will find procmail config, perl script verifying gpg signature (very simple), python script to verify user permissions and create/update trac tickets (still WIP).
Looking forward to get more feedback on the proposed changes.
I just glanced at it briefly, but the verify script has me worried. It uses Perl without 'use strict', nowadays open() really should use >= 3 arguments, and I am not convinced the script actually verifies that the entire mail is signed.
Also, you can't reliably cont on the exit code of gpg for verifying signatures.
Cheers,