Re: [tor-project] email interface for Trac: a proposal

[Peter Palfrader <weasel@xxxxxxxxxxxxxx>]

On Mon, 12 Dec 2016, Silvia [Hiro] wrote:

> I have shared the first version here:
> https://gitweb.torproject.org/admin/trac/trac-email.git/
> 
> You will find procmail config, perl script verifying gpg signature (very
> simple), python script to verify user permissions and create/update trac
> tickets (still WIP).
> 
> Looking forward to get more feedback on the proposed changes.

I just glanced at it briefly, but the verify script has me worried.  It
uses Perl without 'use strict', nowadays open() really should use >= 3
arguments, and I am not convinced the script actually verifies that the
entire mail is signed.

Also, you can't reliably cont on the exit code of gpg for verifying
signatures.

Cheers,
-- 
                            |  .''`.       ** Debian **
      Peter Palfrader       | : :' :      The  universal
 https://www.palfrader.org/ | `. `'      Operating System
                            |   `-    https://www.debian.org/
_______________________________________________
tor-project mailing list
tor-project@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project