Your message dated Fri, 11 Aug 2017 18:38:25 +0000
with message-id <[email protected]>
and subject line Bug#871627: Removed package(s) from unstable
has caused the Debian Bug report #745553,
regarding emacs24-el: mml2015-always-trust should default to nil, not t
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
745553: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745553
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: emacs24-el
Version: 24.3+1-2
Severity: normal

Hi emacs maintainers!

in 

/usr/share/emacs/24.3/lisp/gnus/mml2015.el.gz

i see this variable definition:

(defcustom mml2015-always-trust t
  "If t, GnuPG skip key validation on encryption."
  :group 'mime-security
  :type 'boolean)

This is a security risk for users of encrypted mail.  i believe it
should be set to nil by default.

Here's why:

Consider Alice, who has OpenPGP certificates for "Bob
<[email protected]>" and "Carol <[email protected]>" in her keyring (in
that order).  She has certified them both, so there is one valid
primary key for [email protected] and one valid primary key for
[email protected].

Bob turns evil (or maybe his key is compromised) and he adds a new
User ID: "Bob <[email protected]>" to his OpenPGP cert.  He publishes
the update to the keyservers.

Alice, following best practices, updates her keyring from the
keyservers regularly.

Alice's keyring now has two certs that have a "[email protected]" user
ID in them.  One of them is valid, and the other one is not.

Alice now composes a message to "Carol <[email protected]>" and marks
it with:

 <#secure method=pgpmime mode=signencrypt>

As the message goes out, mml-mode just passes the e-mail address
[email protected] to gpg to encrypt the message body, and gpg uses the
e-mail address to select a key.  Since Bob's key is first in the
keyring, it is the one that will be used.

Bob then sneaks a peek at Carol's e-mail (maybe they're delivered to the
same server, or he has a machine on the same network), catches the
message in transit, and can decrypt the content, violating Alice's
message confidentiality expectations.

Please set mml2015-always-trust to default to "nil" instead of "t".

        --dkg

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.13-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages emacs24-el depends on:
ii  emacs24-common  24.3+1-2

emacs24-el recommends no packages.

emacs24-el suggests no packages.

-- debconf-show failed

--- End Message ---
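The recipient-selection behaviour the report above describes, modelled as an added example that is not code from the report, from Emacs or from GnuPG. It parses a constructed sample of `gpg --list-keys --with-colons` output (the key IDs, user IDs and addresses are placeholders, and treating only full/ultimate validity as "valid" is a simplification), shows which certificate is picked for an address with and without the skip-validation behaviour, and adds a check a keyring owner can run to flag addresses that appear on more than one certificate:

```python
import re

# Constructed sample of `gpg --list-keys --with-colons` output: two certs
# both carry a "Carol <carol@example.org>" user ID. The first cert (Bob's)
# has that UID unvalidated ("-"); Carol's own cert has it fully valid ("f").
SAMPLE_COLONS = """\
pub:f:4096:1:1111111111111111:1400000000:::f:::escaESCA::::::::::0:
uid:f::::1400000000::AAAA::Bob <bob@example.org>::::::::::0:
uid:-::::1500000000::BBBB::Carol <carol@example.org>::::::::::0:
pub:f:4096:1:2222222222222222:1400000000:::f:::escaESCA::::::::::0:
uid:f::::1400000000::CCCC::Carol <carol@example.org>::::::::::0:
"""

EMAIL_RE = re.compile(r"<([^>]+)>")
VALID = {"u", "f"}  # simplification: only full/ultimate validity counts as valid


def parse_keyring(text):
    """Return [(keyid, [(email, validity), ...]), ...] in keyring order.
    Field 2 of a uid record is its validity, field 10 the user ID string."""
    keys = []
    for line in text.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            keys.append((f[4], []))
        elif f[0] == "uid" and keys:
            m = EMAIL_RE.search(f[9])
            if m:
                keys[-1][1].append((m.group(1).lower(), f[1]))
    return keys


def select_key(keys, email, always_trust):
    """Model of choosing an encryption key by e-mail address: when validation
    is skipped, the first cert with a matching UID wins regardless of its
    validity; otherwise only a cert whose matching UID is valid is used."""
    email = email.lower()
    for keyid, uids in keys:
        for addr, validity in uids:
            if addr == email and (always_trust or validity in VALID):
                return keyid
    return None


def ambiguous_addresses(keys):
    """Detection check: addresses carried by more than one cert where at
    least one of the matching UIDs is not valid, i.e. where skipping
    validation could pick the wrong key."""
    seen = {}
    for keyid, uids in keys:
        for addr, validity in uids:
            seen.setdefault(addr, []).append((keyid, validity))
    return {a: v for a, v in seen.items()
            if len(v) > 1 and any(val not in VALID for _, val in v)}
```

Run against a real keyring by feeding `gpg --list-keys --with-colons` output into `parse_keyring`; the flagged addresses are the ones for which the key chosen without validation may differ from the valid one.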
--- Begin Message ---
Version: 24.5+1-11+rm

Dear submitter,

as the package emacs24 has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/871627

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
[email protected].

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)

--- End Message ---
