On Sun, Sep 25, 2016 at 04:46:55PM +0200, Salvatore Bonaccorso wrote: > Hi Adrian, > > On Sun, Sep 25, 2016 at 05:16:18PM +0300, Adrian Bunk wrote: > > On Sun, Sep 25, 2016 at 03:44:14PM +0200, Salvatore Bonaccorso wrote: > > > Hi Adrian, > > > > Hi Salvatore, > > > > > On Sun, Sep 25, 2016 at 07:01:49AM +0300, Adrian Bunk wrote: > > > > Package: security.debian.org > > > > Severity: minor > > > > > > > > https://lists.debian.org/debian-security-announce/2016/msg00256.html > > > > > > > > "Tuomas Räsänen" - that name is not displayed properly due to lack > > > > of an email header for the charset of the contents. > > > > > > > > Something like > > > > Content-Type: text/plain; charset=utf-8 > > > > is missing. > > > > > > > > I don't care about this past DSA, but it would be nice if you could > > > > fix that for future DSAs. > > > > > > Thanks. I have added accoring notes to our documentation, when the DSA > > > text needs to contain non-ASCII charset > > > > thanks. > > > > > (although the standard is > > > still, that since we need to GPG sign inline, to use only ASCII > > > charset). > > > > What is the problem? > > > > This email contains both an inline signature and the string "Räsänen". > > Is anything about that not working properly? > > It was, AFAICR, to avoid problems like in the thread starting at > https://lists.debian.org/debian-security/2010/05/msg00001.html . But > maybe we can consider that not beeing a problem anymore.
#580896 is still open and (as expected) I was able to reproduce it with Sylpheed 3.5.1-1+b1 in unstable. So with inline signatures your choices are: - use only ASCII in DSA announcement emails, changing names of people to ASCII variants. or - use UTF-8, and document in the FAQ that Sylpheed has a bug that might sometimes result in wrong signature reported for users using non-UTF-8 locales. [1] > In any case thanks again for your report, with our documentation > updated it hopefully should not happen on future DSAs. > > Regards, > Salvatore cu Adrian [1] DSA 2040-1 was using charset=iso-8859-1 in the header, but using a buggy MUA and not using a UTF-8 locale should keep the number of affected users as small as possible (the whole signature checking in Sylpheed is also more a hack you have to copy from the documentation than a properly supported feature) -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed