[tor-bugs] #5463 [BridgeDB]: BridgeDB must GPG-sign outgoing mails
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri May 9 15:21:44 UTC 2014
#5463: BridgeDB must GPG-sign outgoing mails
-----------------------------+----------------------------
Reporter: rransom | Owner: isis
Type: enhancement | Status: needs_review
Priority: normal | Milestone:
Component: BridgeDB | Version:
Resolution: | Keywords: bridgegb-email
Actual Points: | Parent ID:
Points: |
-----------------------------+----------------------------
Changes (by isis):
* status: needs_revision => needs_review
Comment:
This is fixed, and there are unittests for problems encountered, in my
`fix/5463-7547-7550-8241-11475-11753-email-rewrite`
[https://gitweb.torproject.org/user/isis/bridgedb.git/shortlog/refs/heads/fix/5463-7547-7550-8241-11475-11753
-email-rewrite branch] (which
[https://gitweb.torproject.org/user/isis/bridgedb.git/tree/refs/heads/fix/5463-7547-7550-8241-11475-11753
-email-rewrite:/lib/bridgedb/email rewrites the entirety] of the old
`lib/bridgedb/EmailServer.py` module).
There are additional fixes for the issue where libgpgme was attempting to
load private keys from the process owner's `$HOME` directory in my
`fix/5463-gpgme-homedir`
[https://gitweb.torproject.org/user/isis/bridgedb.git/shortlog/refs/heads/fix/5463
-gpgme-homedir branch], which is currently based on the
`fix/5463-7547-7550-8241-11475-11753-email-rewrite` branch and should be
merged after it. Additionally, since all the strings were changed to be
(mostly) the same as the ones which are currently in use on the HTTPS
distributor, there is a `translations/2014-05-07-update`
[https://gitweb.torproject.org/user/isis/bridgedb.git/shortlog/refs/heads/translations/2014-05-07-update
branch] which should be merged which updates the gettext `bridgedb.pot`
file.
There still is not a mechanism to include the client's email address in
the signed portion of the message. I'm not exactly sure what adversarial
behaviours that was intended to protect against.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5463#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list