lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <569C3F73.3090805@pb.com>
Date:	Mon, 18 Jan 2016 03:27:15 +0200
From:	Andrey Utkin <andrey.utkin@...com>
To:	<linux-kernel@...r.kernel.org>, <git@...r.kernel.org>
Subject: Don't use PGP/GPG signatures in mail that contains patches


________________________________


Received: from [152.144.157.156] (141.251.156.196) by
 BLUPR72MB0050.MGDPBI.global.pvt (141.251.146.22) with Microsoft SMTP Server
 (TLS) id 15.1.365.19; Mon, 18 Jan 2016 01:27:19 +0000
To: <linux-kernel@...r.kernel.org>, <git@...r.kernel.org>
From: Andrey Utkin <andrey.utkin@...com>
Subject: Don't use PGP/GPG signatures in mail that contains patches
Openpgp: url=https://pgp.mit.edu/pks/lookup?op=get&search=0x3F6A28D927BDD76D
X-Enigmail-Draft-Status: N1110
Message-ID: <569C3F73.3090805@...com>
Date: Mon, 18 Jan 2016 03:27:15 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101
 Thunderbird/38.5.0
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature";
	boundary="X28Lo8p6DUuRNKFNUv1q0pw0RQUm2NcUq"
Return-Path: andrey.utkin@...com
X-MS-Exchange-Organization-OriginalArrivalTime: 18 Jan 2016 01:27:19.3593
 (UTC)
X-MS-Exchange-Forest-ArrivalHubServer: BLUPR72MB0050.MGDPBI.global.pvt
X-MS-Exchange-Organization-Network-Message-Id: b10450a0-fe74-4c67-770c-08d31fa68270
X-MS-Exchange-Organization-OriginalClientIPAddress: 141.251.156.196
X-MS-Exchange-Organization-OriginalServerIPAddress: 141.251.146.22
X-MS-Exchange-Organization-AuthSource: BLUPR72MB0050.MGDPBI.global.pvt
X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Exchange-Organization-AuthMechanism: 06
X-Originating-IP: [141.251.156.196]
X-ClientProxiedBy: CY1PR72CA0001.MGDPBI.global.pvt (141.251.156.206) To
 BLUPR72MB0050.MGDPBI.global.pvt (141.251.146.22)
X-MS-Exchange-Organization-FromEntityHeader: Hosted
X-MS-Exchange-Organization-Cross-Premises-Headers-Processed: BLUPR72MB0050.MGDPBI.global.pvt
X-MS-Exchange-Organization-OriginalSize: 2562
X-MS-Exchange-Organization-HygienePolicy: Standard
X-MS-Exchange-Organization-MessageFingerprint: E826D01E.AD394849.73E7B54A.87E5CDF1.20159
X-MS-Exchange-Organization-Antispam-PreContentFilter-ScanContext: CategorizerOnSubmitted;
X-MS-Office365-Filtering-Correlation-Id: b10450a0-fe74-4c67-770c-08d31fa68270
X-MS-Exchange-Organization-Cross-Session-Cache: 00SL=1;EMSL=1;SCL=0;BL=0;RL=1;PID=0;PL=0;EXPID=
X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0
X-MS-Exchange-Organization-Recipient-Limit-Verified: True
X-MS-Exchange-Organization-TotalRecipientCount: 2
X-MS-Exchange-Organization-Transport-Properties: DeliveryPriority=Normal
X-MS-Exchange-Organization-Prioritization: 1
X-MS-Exchange-Organization-Rules-Execution-History: 093951b5-60d6-451e-bdbd-c02315b1688f%%%1ff67a4d-9f2c-4a48-a677-a425aa48658a%%%28104803-15bf-471b-9bb2-b7fe4cc14c37%%%bfd17525-8f95-439d-8c59-163e4bd0b358%%%9fdf2717-51a3-48dc-a97a-ba764fc76d93

--X28Lo8p6DUuRNKFNUv1q0pw0RQUm2NcUq
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

=3D=3D=3D=3D=3D QUOTE =3D=3D=3D=3D=3D
Don't use PGP/GPG signatures in mail that contains patches.
This breaks many scripts that read and apply the patches.
(This should be fixable.)
=3D=3D=3D=3D=3D END QUOTE =3D=3D=3D=3D=3D

This is in Linux' Documentation/email-clients.txt since 2007, and still
almost nobody signs patch submissions. There are few brave people who
do, though, and seems it's not the end of world for any "scripts".
The broken scripts could be an excuse in 2007, but not today.

Proposal:
1. Implement signing option in git-send-email.
2. Figure out if anything fails to interoperate.
3. Drop the quoted statement or change it to appreciate signing.


--X28Lo8p6DUuRNKFNUv1q0pw0RQUm2NcUq
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJWnD9zAAoJED9qKNknvddtcDAQAKMWj9JI1nDVuMUkTX4Ud7kA
SjZ3clCwV+jI5pSgpppSGQSqJgPI4kWi9XiYOtEJWxZCJOw2go1kiRsn3JVBrzoX
84efgzgFc+16Mh9zEwihloZTREalpzUH45pS4Ni+/ftrOMP5A+ed8gG/e+ef2Mtk
fKwZglBX3COKHOmz7xWWdnHPpGgjMRtUb7bhGaqnf5rgkNfireeupKsYBQdRmlrK
zJFLfI4eTqchHMJwfaEb4M7vgbxqcC6eySUDFWf93VzasRqa4Alu4RswBgXYMnIn
VHiEbIDVJ99pj5L+0XwsY2RcBgO5Al0aeBaITahKHwh9HP+7Ov3Nb5V+lv18TQf8
G+CCfNYbcjYy/kgUg5sHolramXR285DJX8WAgfnP8DlrqaeKCssnBdeIj9zUlXbl
OFwE2bzK3ghXl+gs8Gh+VCODkszgmxVtjYwwGl6xXOQyCDD69mkT97sUVyAiSXeE
SzyS/5Db6C33F1dlQdx4lG7/MiYBHBWDTD/L8zEyUAknvtC1iHivR/uhTJd8v2D/
oytMMlmGbrchqJ6PI71Xkly8DTC3uxqvQpUVAWG5rd7b1aLrEwYOsif444HUHUz+
3sUNhMkGNWjir7SoR760hkLrKDHBXEr6M2WTBcKTIPjpNYr7QeOkOpmXXLH6qq3i
cicy0RtGdE5DTtFUoM+1
=xbOj
-----END PGP SIGNATURE-----

--X28Lo8p6DUuRNKFNUv1q0pw0RQUm2NcUq--

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ