[tor-project] email interface for Trac: a proposal
Silvia [Hiro]
hiro at torproject.org
Tue Dec 13 12:20:20 UTC 2016
Apologies, I was eager to get some feedback and forgot to mention that
the intention was to get rid of the perl part and move verification into
and trac ticket management into the same script.
I am now managing the trust part of the signature verification (
https://gitweb.torproject.org/admin/trac/trac-email.git/
), but still heavy WIP.
Will ask for feedback when I have a more complete prototype, so it is
more clear how I want this to work.
-s
On 12/12/16 23:29, Peter Palfrader wrote:
> On Mon, 12 Dec 2016, Silvia [Hiro] wrote:
>
>> I have shared the first version here:
>> https://gitweb.torproject.org/admin/trac/trac-email.git/
>>
>> You will find procmail config, perl script verifying gpg signature (very
>> simple), python script to verify user permissions and create/update trac
>> tickets (still WIP).
>>
>> Looking forward to get more feedback on the proposed changes.
> I just glanced at it briefly, but the verify script has me worried. It
> uses Perl without 'use strict', nowadays open() really should use >= 3
> arguments, and I am not convinced the script actually verifies that the
> entire mail is signed.
>
> Also, you can't reliably cont on the exit code of gpg for verifying
> signatures.
>
> Cheers,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-project/attachments/20161213/e3c2a2ba/attachment.sig>
More information about the tor-project
mailing list