Re: [Vagrant Cascadian] Bug#759646: notmuch-emacs: switching mode= to invalid value sends unencrypted mail

2016-02-08 Thread David Edmondson
[Raking over history...]

On Sat, Nov 29 2014, David Bremner wrote:
> David Edmondson  writes:
>
>> On Tue, Sep 02 2014, Tomi Ollila wrote:
>>> On Tue, Sep 02 2014, Daniel Kahn Gillmor  wrote:
>>>
 On 08/30/2014 03:37 AM, Jani Nikula wrote:
> I'm inclined to think this is a bug in message-mode. 

 I agree it's a bug in message-mode, not in notmuch itself.
>>>
>>> I think it might be here:
>>>
>>> http://bzr.savannah.gnu.org/lh/emacs/emacs-24/annotate/head:/lisp/gnus/mml.el#L258
>>>
>>> (it takes time to load, please wait...)
>>>
>>> If cond does not match, then don't fail...
>>
>> This looks to have been fixed in emacs at the end of September 2014.
>
> Right, this fix was released in emacs 24.4
>
> I'm a little torn what to do here. On the one hand the upstream change
> fixes the bug as reported. On the other hand, if something corrupts the
> #secure tag (e.g., by deleting a letter), then the message is still sent
> un-uncrypted.

That's true, but it's undoubtedly an upstream bug rather than a
notmuch-emacs bug.

If we apply some heuristic workaround in notmuch, users of gnus (and
mu4e?) will still be vulnerable to the same problem. The right thing to
do is report (and fix) the bug upstream.
___
notmuch mailing list
notmuch@notmuchmail.org
https://notmuchmail.org/mailman/listinfo/notmuch


[Vagrant Cascadian] Bug#759646: notmuch-emacs: switching mode= to invalid value sends unencrypted mail

2014-12-01 Thread David Bremner
David Edmondson  writes:

>> I'm a little torn what to do here. On the one hand the upstream change
>> fixes the bug as reported. On the other hand, if something corrupts the
>> #secure tag (e.g., by deleting a letter), then the message is still sent
>> un-uncrypted.
>
> I'm unclear on what you mean. Is it that "upgrade to 24.4" is not a good
> enough answer, because we are still leaving pre-24.4 people out in the
> cold?

No, I mean the fix is rather narrow in that editing somewhere else on
the same line causes the same problem as before, even in 24.4

d


[Vagrant Cascadian] Bug#759646: notmuch-emacs: switching mode= to invalid value sends unencrypted mail

2014-12-01 Thread David Edmondson
On Mon, Dec 01 2014, David Bremner wrote:
> David Edmondson  writes:
>
>>> I'm a little torn what to do here. On the one hand the upstream change
>>> fixes the bug as reported. On the other hand, if something corrupts the
>>> #secure tag (e.g., by deleting a letter), then the message is still sent
>>> un-uncrypted.
>>
>> I'm unclear on what you mean. Is it that "upgrade to 24.4" is not a good
>> enough answer, because we are still leaving pre-24.4 people out in the
>> cold?
>
> No, I mean the fix is rather narrow in that editing somewhere else on
> the same line causes the same problem as before, even in 24.4

Ah, okay. Well, off to emacs-devel with you, then :-D


[Vagrant Cascadian] Bug#759646: notmuch-emacs: switching mode= to invalid value sends unencrypted mail

2014-12-01 Thread David Edmondson
On Sat, Nov 29 2014, David Bremner wrote:
> David Edmondson  writes:
>
>> On Tue, Sep 02 2014, Tomi Ollila wrote:
>>> On Tue, Sep 02 2014, Daniel Kahn Gillmor  wrote:
>>>
 On 08/30/2014 03:37 AM, Jani Nikula wrote:
> I'm inclined to think this is a bug in message-mode. 

 I agree it's a bug in message-mode, not in notmuch itself.
>>>
>>> I think it might be here:
>>>
>>> http://bzr.savannah.gnu.org/lh/emacs/emacs-24/annotate/head:/lisp/gnus/mml.el#L258
>>>
>>> (it takes time to load, please wait...)
>>>
>>> If cond does not match, then don't fail...
>>
>> This looks to have been fixed in emacs at the end of September 2014.
>
> Right, this fix was released in emacs 24.4
>
> I'm a little torn what to do here. On the one hand the upstream change
> fixes the bug as reported. On the other hand, if something corrupts the
> #secure tag (e.g., by deleting a letter), then the message is still sent
> un-uncrypted.

I'm unclear on what you mean. Is it that "upgrade to 24.4" is not a good
enough answer, because we are still leaving pre-24.4 people out in the
cold?


Re: [Vagrant Cascadian] Bug#759646: notmuch-emacs: switching mode= to invalid value sends unencrypted mail

2014-11-30 Thread David Edmondson
On Sat, Nov 29 2014, David Bremner wrote:
 David Edmondson d...@dme.org writes:

 On Tue, Sep 02 2014, Tomi Ollila wrote:
 On Tue, Sep 02 2014, Daniel Kahn Gillmor d...@fifthhorseman.net wrote:

 On 08/30/2014 03:37 AM, Jani Nikula wrote:
 I'm inclined to think this is a bug in message-mode. 

 I agree it's a bug in message-mode, not in notmuch itself.

 I think it might be here:

 http://bzr.savannah.gnu.org/lh/emacs/emacs-24/annotate/head:/lisp/gnus/mml.el#L258

 (it takes time to load, please wait...)

 If cond does not match, then don't fail...

 This looks to have been fixed in emacs at the end of September 2014.

 Right, this fix was released in emacs 24.4

 I'm a little torn what to do here. On the one hand the upstream change
 fixes the bug as reported. On the other hand, if something corrupts the
 #secure tag (e.g., by deleting a letter), then the message is still sent
 un-uncrypted.

I'm unclear on what you mean. Is it that upgrade to 24.4 is not a good
enough answer, because we are still leaving pre-24.4 people out in the
cold?
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch


Re: [Vagrant Cascadian] Bug#759646: notmuch-emacs: switching mode= to invalid value sends unencrypted mail

2014-11-30 Thread David Bremner
David Edmondson d...@dme.org writes:

 I'm a little torn what to do here. On the one hand the upstream change
 fixes the bug as reported. On the other hand, if something corrupts the
 #secure tag (e.g., by deleting a letter), then the message is still sent
 un-uncrypted.

 I'm unclear on what you mean. Is it that upgrade to 24.4 is not a good
 enough answer, because we are still leaving pre-24.4 people out in the
 cold?

No, I mean the fix is rather narrow in that editing somewhere else on
the same line causes the same problem as before, even in 24.4

d
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch


Re: [Vagrant Cascadian] Bug#759646: notmuch-emacs: switching mode= to invalid value sends unencrypted mail

2014-11-30 Thread David Edmondson
On Mon, Dec 01 2014, David Bremner wrote:
 David Edmondson d...@dme.org writes:

 I'm a little torn what to do here. On the one hand the upstream change
 fixes the bug as reported. On the other hand, if something corrupts the
 #secure tag (e.g., by deleting a letter), then the message is still sent
 un-uncrypted.

 I'm unclear on what you mean. Is it that upgrade to 24.4 is not a good
 enough answer, because we are still leaving pre-24.4 people out in the
 cold?

 No, I mean the fix is rather narrow in that editing somewhere else on
 the same line causes the same problem as before, even in 24.4

Ah, okay. Well, off to emacs-devel with you, then :-D
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch


[Vagrant Cascadian] Bug#759646: notmuch-emacs: switching mode= to invalid value sends unencrypted mail

2014-11-29 Thread David Bremner
David Edmondson  writes:

> On Tue, Sep 02 2014, Tomi Ollila wrote:
>> On Tue, Sep 02 2014, Daniel Kahn Gillmor  wrote:
>>
>>> On 08/30/2014 03:37 AM, Jani Nikula wrote:
 I'm inclined to think this is a bug in message-mode. 
>>>
>>> I agree it's a bug in message-mode, not in notmuch itself.
>>
>> I think it might be here:
>>
>> http://bzr.savannah.gnu.org/lh/emacs/emacs-24/annotate/head:/lisp/gnus/mml.el#L258
>>
>> (it takes time to load, please wait...)
>>
>> If cond does not match, then don't fail...
>
> This looks to have been fixed in emacs at the end of September 2014.

Right, this fix was released in emacs 24.4

I'm a little torn what to do here. On the one hand the upstream change
fixes the bug as reported. On the other hand, if something corrupts the
#secure tag (e.g., by deleting a letter), then the message is still sent
un-uncrypted.

d


Re: [Vagrant Cascadian] Bug#759646: notmuch-emacs: switching mode= to invalid value sends unencrypted mail

2014-11-29 Thread David Bremner
David Edmondson d...@dme.org writes:

 On Tue, Sep 02 2014, Tomi Ollila wrote:
 On Tue, Sep 02 2014, Daniel Kahn Gillmor d...@fifthhorseman.net wrote:

 On 08/30/2014 03:37 AM, Jani Nikula wrote:
 I'm inclined to think this is a bug in message-mode. 

 I agree it's a bug in message-mode, not in notmuch itself.

 I think it might be here:

 http://bzr.savannah.gnu.org/lh/emacs/emacs-24/annotate/head:/lisp/gnus/mml.el#L258

 (it takes time to load, please wait...)

 If cond does not match, then don't fail...

 This looks to have been fixed in emacs at the end of September 2014.

Right, this fix was released in emacs 24.4

I'm a little torn what to do here. On the one hand the upstream change
fixes the bug as reported. On the other hand, if something corrupts the
#secure tag (e.g., by deleting a letter), then the message is still sent
un-uncrypted.

d
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch


[Vagrant Cascadian] Bug#759646: notmuch-emacs: switching mode= to invalid value sends unencrypted mail

2014-11-12 Thread David Edmondson
On Tue, Sep 02 2014, Tomi Ollila wrote:
> On Tue, Sep 02 2014, Daniel Kahn Gillmor  wrote:
>
>> On 08/30/2014 03:37 AM, Jani Nikula wrote:
>>> I'm inclined to think this is a bug in message-mode. 
>>
>> I agree it's a bug in message-mode, not in notmuch itself.
>
> I think it might be here:
>
> http://bzr.savannah.gnu.org/lh/emacs/emacs-24/annotate/head:/lisp/gnus/mml.el#L258
>
> (it takes time to load, please wait...)
>
> If cond does not match, then don't fail...

This looks to have been fixed in emacs at the end of September 2014.


Re: [Vagrant Cascadian] Bug#759646: notmuch-emacs: switching mode= to invalid value sends unencrypted mail

2014-11-12 Thread David Edmondson
On Tue, Sep 02 2014, Tomi Ollila wrote:
 On Tue, Sep 02 2014, Daniel Kahn Gillmor d...@fifthhorseman.net wrote:

 On 08/30/2014 03:37 AM, Jani Nikula wrote:
 I'm inclined to think this is a bug in message-mode. 

 I agree it's a bug in message-mode, not in notmuch itself.

 I think it might be here:

 http://bzr.savannah.gnu.org/lh/emacs/emacs-24/annotate/head:/lisp/gnus/mml.el#L258

 (it takes time to load, please wait...)

 If cond does not match, then don't fail...

This looks to have been fixed in emacs at the end of September 2014.
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch


[Vagrant Cascadian] Bug#759646: notmuch-emacs: switching mode= to invalid value sends unencrypted mail

2014-09-02 Thread Tomi Ollila
On Tue, Sep 02 2014, Daniel Kahn Gillmor  wrote:

> On 08/30/2014 03:37 AM, Jani Nikula wrote:
>> I'm inclined to think this is a bug in message-mode. 
>
> I agree it's a bug in message-mode, not in notmuch itself.

I think it might be here:

http://bzr.savannah.gnu.org/lh/emacs/emacs-24/annotate/head:/lisp/gnus/mml.el#L258

(it takes time to load, please wait...)

If cond does not match, then don't fail...

Tomi

>
>> As a workaround of sorts, I'd suggest not messing with the #secure tag
>> manually. Instead, you can use mml-secure-message-sign and
>> mml-secure-message-sign-encrypt to change the mode.
>
> the keybindings for those are usually:
>
>  C-c RET s p
>  C-c RET c p
>
> hth,
>
>   --dkg
>
>
> ___
> notmuch mailing list
> notmuch at notmuchmail.org
> http://notmuchmail.org/mailman/listinfo/notmuch


[Vagrant Cascadian] Bug#759646: notmuch-emacs: switching mode= to invalid value sends unencrypted mail

2014-09-02 Thread Daniel Kahn Gillmor
On 08/30/2014 03:37 AM, Jani Nikula wrote:
> I'm inclined to think this is a bug in message-mode. 

I agree it's a bug in message-mode, not in notmuch itself.

> As a workaround of sorts, I'd suggest not messing with the #secure tag
> manually. Instead, you can use mml-secure-message-sign and
> mml-secure-message-sign-encrypt to change the mode.

the keybindings for those are usually:

 C-c RET s p
 C-c RET c p

hth,

--dkg


-- next part --
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: OpenPGP digital signature
URL: 



Re: [Vagrant Cascadian] Bug#759646: notmuch-emacs: switching mode= to invalid value sends unencrypted mail

2014-09-02 Thread Tomi Ollila
On Tue, Sep 02 2014, Daniel Kahn Gillmor d...@fifthhorseman.net wrote:

 On 08/30/2014 03:37 AM, Jani Nikula wrote:
 I'm inclined to think this is a bug in message-mode. 

 I agree it's a bug in message-mode, not in notmuch itself.

I think it might be here:

http://bzr.savannah.gnu.org/lh/emacs/emacs-24/annotate/head:/lisp/gnus/mml.el#L258

(it takes time to load, please wait...)

If cond does not match, then don't fail...

Tomi


 As a workaround of sorts, I'd suggest not messing with the #secure tag
 manually. Instead, you can use mml-secure-message-sign and
 mml-secure-message-sign-encrypt to change the mode.

 the keybindings for those are usually:

  C-c RET s p
  C-c RET c p

 hth,

   --dkg


 ___
 notmuch mailing list
 notmuch@notmuchmail.org
 http://notmuchmail.org/mailman/listinfo/notmuch
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch


Re: [Vagrant Cascadian] Bug#759646: notmuch-emacs: switching mode= to invalid value sends unencrypted mail

2014-09-01 Thread Daniel Kahn Gillmor
On 08/30/2014 03:37 AM, Jani Nikula wrote:
 I'm inclined to think this is a bug in message-mode. 

I agree it's a bug in message-mode, not in notmuch itself.

 As a workaround of sorts, I'd suggest not messing with the #secure tag
 manually. Instead, you can use mml-secure-message-sign and
 mml-secure-message-sign-encrypt to change the mode.

the keybindings for those are usually:

 C-c RET s p
 C-c RET c p

hth,

--dkg




signature.asc
Description: OpenPGP digital signature
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch


[Vagrant Cascadian] Bug#759646: notmuch-emacs: switching mode= to invalid value sends unencrypted mail

2014-08-30 Thread Jani Nikula
On Thu, 28 Aug 2014, Vagrant Cascadian  wrote:
> When sending mail from notmuch-emacs interface, I usually use pgpmine
> signatures, but sometimes I want to send a signed encrypted message, so
> I manually edit the mode=sign to mode=signencrypt ... but if I make a
> typo, i.e. mode=signinvalidencrypt, notmuch happily and without warning
> sends the mail unencrypted.
> 
> i.e. #secure method=pgpmime mode=signinvalidencrypt will end up
> sending an encrypted message (with the <>, of course).
> 
> It seems like it should error out if the mode= is set to an invalid or
> unknown value, rather than sending mail in the clear.
> 
> I've got this set up in ~/.emacs, not sure what all else might be coming
> into play:
> 
>  '(message-setup-hook (quote (mml-secure-message-sign)))
>  '(notmuch-crypto-process-mime t)

I'm inclined to think this is a bug in message-mode. But we should
probably try to see what we could do to mitigate this.

As a workaround of sorts, I'd suggest not messing with the #secure tag
manually. Instead, you can use mml-secure-message-sign and
mml-secure-message-sign-encrypt to change the mode.

BR,
Jani.


Re: [Vagrant Cascadian] Bug#759646: notmuch-emacs: switching mode= to invalid value sends unencrypted mail

2014-08-30 Thread Jani Nikula
On Thu, 28 Aug 2014, Vagrant Cascadian vagr...@debian.org wrote:
 When sending mail from notmuch-emacs interface, I usually use pgpmine
 signatures, but sometimes I want to send a signed encrypted message, so
 I manually edit the mode=sign to mode=signencrypt ... but if I make a
 typo, i.e. mode=signinvalidencrypt, notmuch happily and without warning
 sends the mail unencrypted.
 
 i.e. #secure method=pgpmime mode=signinvalidencrypt will end up
 sending an encrypted message (with the , of course).
 
 It seems like it should error out if the mode= is set to an invalid or
 unknown value, rather than sending mail in the clear.
 
 I've got this set up in ~/.emacs, not sure what all else might be coming
 into play:
 
  '(message-setup-hook (quote (mml-secure-message-sign)))
  '(notmuch-crypto-process-mime t)

I'm inclined to think this is a bug in message-mode. But we should
probably try to see what we could do to mitigate this.

As a workaround of sorts, I'd suggest not messing with the #secure tag
manually. Instead, you can use mml-secure-message-sign and
mml-secure-message-sign-encrypt to change the mode.

BR,
Jani.
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch


[Vagrant Cascadian] Bug#759646: notmuch-emacs: switching mode= to invalid value sends unencrypted mail

2014-08-29 Thread David Bremner
An embedded message was scrubbed...
From: Vagrant Cascadian 
Subject: Bug#759646: notmuch-emacs: switching mode= to invalid value sends 
unencrypted mail
Date: Thu, 28 Aug 2014 21:17:51 -0700
Size: 6392
URL: 



[Vagrant Cascadian] Bug#759646: notmuch-emacs: switching mode= to invalid value sends unencrypted mail

2014-08-29 Thread David Bremner
---BeginMessage---
Package: notmuch-emacs
Version: 0.18.1-1
Severity: normal

Thanks for notmuch-emacs!

When sending mail from notmuch-emacs interface, I usually use pgpmine
signatures, but sometimes I want to send a signed encrypted message, so
I manually edit the mode=sign to mode=signencrypt ... but if I make a
typo, i.e. mode=signinvalidencrypt, notmuch happily and without warning
sends the mail unencrypted.

i.e. #secure method=pgpmime mode=signinvalidencrypt will end up
sending an encrypted message (with the , of course).

It seems like it should error out if the mode= is set to an invalid or
unknown value, rather than sending mail in the clear.

I've got this set up in ~/.emacs, not sure what all else might be coming
into play:

 '(message-setup-hook (quote (mml-secure-message-sign)))
 '(notmuch-crypto-process-mime t)


live well,
  vagrant


-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (500, 'testing'), (120, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
armhf

Kernel: Linux 3.14-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages notmuch depends on:
ii  libc6   2.19-9
ii  libglib2.0-02.40.0-4
ii  libgmime-2.6-0  2.6.20-1
ii  libnotmuch3 0.18.1-1
ii  libtalloc2  2.1.1-2
ii  zlib1g  1:1.2.8.dfsg-1

Versions of packages notmuch recommends:
ii  alot   0.3.5-2
ii  gnupg-agent2.0.25-2
ii  notmuch-emacs  0.18.1-1
ii  notmuch-mutt   0.18.1-1
ii  notmuch-vim0.18.1-1

notmuch suggests no packages.

-- no debconf information


pgpTkvAF1hWtr.pgp
Description: PGP signature
---End Message---
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch