Re: [Vagrant Cascadian] Bug#759646: notmuch-emacs: switching mode= to invalid value sends unencrypted mail

2016-02-08 Thread David Edmondson
[Raking over history...]

On Sat, Nov 29 2014, David Bremner wrote:
> David Edmondson  writes:
>
>> On Tue, Sep 02 2014, Tomi Ollila wrote:
>>> On Tue, Sep 02 2014, Daniel Kahn Gillmor  wrote:
>>>
 On 08/30/2014 03:37 AM, Jani Nikula wrote:
> I'm inclined to think this is a bug in message-mode. 

 I agree it's a bug in message-mode, not in notmuch itself.
>>>
>>> I think it might be here:
>>>
>>> http://bzr.savannah.gnu.org/lh/emacs/emacs-24/annotate/head:/lisp/gnus/mml.el#L258
>>>
>>> (it takes time to load, please wait...)
>>>
>>> If cond does not match, then don't fail...
>>
>> This looks to have been fixed in emacs at the end of September 2014.
>
> Right, this fix was released in emacs 24.4
>
> I'm a little torn what to do here. On the one hand the upstream change
> fixes the bug as reported. On the other hand, if something corrupts the
> #secure tag (e.g., by deleting a letter), then the message is still sent
> un-uncrypted.

That's true, but it's undoubtedly an upstream bug rather than a
notmuch-emacs bug.

If we apply some heuristic workaround in notmuch, users of gnus (and
mu4e?) will still be vulnerable to the same problem. The right thing to
do is report (and fix) the bug upstream.
___
notmuch mailing list
notmuch@notmuchmail.org
https://notmuchmail.org/mailman/listinfo/notmuch


Re: [Vagrant Cascadian] Bug#759646: notmuch-emacs: switching mode= to invalid value sends unencrypted mail

2014-11-30 Thread David Edmondson
On Sat, Nov 29 2014, David Bremner wrote:
 David Edmondson d...@dme.org writes:

 On Tue, Sep 02 2014, Tomi Ollila wrote:
 On Tue, Sep 02 2014, Daniel Kahn Gillmor d...@fifthhorseman.net wrote:

 On 08/30/2014 03:37 AM, Jani Nikula wrote:
 I'm inclined to think this is a bug in message-mode. 

 I agree it's a bug in message-mode, not in notmuch itself.

 I think it might be here:

 http://bzr.savannah.gnu.org/lh/emacs/emacs-24/annotate/head:/lisp/gnus/mml.el#L258

 (it takes time to load, please wait...)

 If cond does not match, then don't fail...

 This looks to have been fixed in emacs at the end of September 2014.

 Right, this fix was released in emacs 24.4

 I'm a little torn what to do here. On the one hand the upstream change
 fixes the bug as reported. On the other hand, if something corrupts the
 #secure tag (e.g., by deleting a letter), then the message is still sent
 un-uncrypted.

I'm unclear on what you mean. Is it that upgrade to 24.4 is not a good
enough answer, because we are still leaving pre-24.4 people out in the
cold?
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch


Re: [Vagrant Cascadian] Bug#759646: notmuch-emacs: switching mode= to invalid value sends unencrypted mail

2014-11-30 Thread David Bremner
David Edmondson d...@dme.org writes:

 I'm a little torn what to do here. On the one hand the upstream change
 fixes the bug as reported. On the other hand, if something corrupts the
 #secure tag (e.g., by deleting a letter), then the message is still sent
 un-uncrypted.

 I'm unclear on what you mean. Is it that upgrade to 24.4 is not a good
 enough answer, because we are still leaving pre-24.4 people out in the
 cold?

No, I mean the fix is rather narrow in that editing somewhere else on
the same line causes the same problem as before, even in 24.4

d
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch


Re: [Vagrant Cascadian] Bug#759646: notmuch-emacs: switching mode= to invalid value sends unencrypted mail

2014-11-30 Thread David Edmondson
On Mon, Dec 01 2014, David Bremner wrote:
 David Edmondson d...@dme.org writes:

 I'm a little torn what to do here. On the one hand the upstream change
 fixes the bug as reported. On the other hand, if something corrupts the
 #secure tag (e.g., by deleting a letter), then the message is still sent
 un-uncrypted.

 I'm unclear on what you mean. Is it that upgrade to 24.4 is not a good
 enough answer, because we are still leaving pre-24.4 people out in the
 cold?

 No, I mean the fix is rather narrow in that editing somewhere else on
 the same line causes the same problem as before, even in 24.4

Ah, okay. Well, off to emacs-devel with you, then :-D
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch


Re: [Vagrant Cascadian] Bug#759646: notmuch-emacs: switching mode= to invalid value sends unencrypted mail

2014-11-29 Thread David Bremner
David Edmondson d...@dme.org writes:

 On Tue, Sep 02 2014, Tomi Ollila wrote:
 On Tue, Sep 02 2014, Daniel Kahn Gillmor d...@fifthhorseman.net wrote:

 On 08/30/2014 03:37 AM, Jani Nikula wrote:
 I'm inclined to think this is a bug in message-mode. 

 I agree it's a bug in message-mode, not in notmuch itself.

 I think it might be here:

 http://bzr.savannah.gnu.org/lh/emacs/emacs-24/annotate/head:/lisp/gnus/mml.el#L258

 (it takes time to load, please wait...)

 If cond does not match, then don't fail...

 This looks to have been fixed in emacs at the end of September 2014.

Right, this fix was released in emacs 24.4

I'm a little torn what to do here. On the one hand the upstream change
fixes the bug as reported. On the other hand, if something corrupts the
#secure tag (e.g., by deleting a letter), then the message is still sent
un-uncrypted.

d
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch


Re: [Vagrant Cascadian] Bug#759646: notmuch-emacs: switching mode= to invalid value sends unencrypted mail

2014-11-12 Thread David Edmondson
On Tue, Sep 02 2014, Tomi Ollila wrote:
 On Tue, Sep 02 2014, Daniel Kahn Gillmor d...@fifthhorseman.net wrote:

 On 08/30/2014 03:37 AM, Jani Nikula wrote:
 I'm inclined to think this is a bug in message-mode. 

 I agree it's a bug in message-mode, not in notmuch itself.

 I think it might be here:

 http://bzr.savannah.gnu.org/lh/emacs/emacs-24/annotate/head:/lisp/gnus/mml.el#L258

 (it takes time to load, please wait...)

 If cond does not match, then don't fail...

This looks to have been fixed in emacs at the end of September 2014.
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch


Re: [Vagrant Cascadian] Bug#759646: notmuch-emacs: switching mode= to invalid value sends unencrypted mail

2014-09-02 Thread Tomi Ollila
On Tue, Sep 02 2014, Daniel Kahn Gillmor d...@fifthhorseman.net wrote:

 On 08/30/2014 03:37 AM, Jani Nikula wrote:
 I'm inclined to think this is a bug in message-mode. 

 I agree it's a bug in message-mode, not in notmuch itself.

I think it might be here:

http://bzr.savannah.gnu.org/lh/emacs/emacs-24/annotate/head:/lisp/gnus/mml.el#L258

(it takes time to load, please wait...)

If cond does not match, then don't fail...

Tomi


 As a workaround of sorts, I'd suggest not messing with the #secure tag
 manually. Instead, you can use mml-secure-message-sign and
 mml-secure-message-sign-encrypt to change the mode.

 the keybindings for those are usually:

  C-c RET s p
  C-c RET c p

 hth,

   --dkg


 ___
 notmuch mailing list
 notmuch@notmuchmail.org
 http://notmuchmail.org/mailman/listinfo/notmuch
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch


Re: [Vagrant Cascadian] Bug#759646: notmuch-emacs: switching mode= to invalid value sends unencrypted mail

2014-09-01 Thread Daniel Kahn Gillmor
On 08/30/2014 03:37 AM, Jani Nikula wrote:
 I'm inclined to think this is a bug in message-mode. 

I agree it's a bug in message-mode, not in notmuch itself.

 As a workaround of sorts, I'd suggest not messing with the #secure tag
 manually. Instead, you can use mml-secure-message-sign and
 mml-secure-message-sign-encrypt to change the mode.

the keybindings for those are usually:

 C-c RET s p
 C-c RET c p

hth,

--dkg




signature.asc
Description: OpenPGP digital signature
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch


Re: [Vagrant Cascadian] Bug#759646: notmuch-emacs: switching mode= to invalid value sends unencrypted mail

2014-08-30 Thread Jani Nikula
On Thu, 28 Aug 2014, Vagrant Cascadian vagr...@debian.org wrote:
 When sending mail from notmuch-emacs interface, I usually use pgpmine
 signatures, but sometimes I want to send a signed encrypted message, so
 I manually edit the mode=sign to mode=signencrypt ... but if I make a
 typo, i.e. mode=signinvalidencrypt, notmuch happily and without warning
 sends the mail unencrypted.
 
 i.e. #secure method=pgpmime mode=signinvalidencrypt will end up
 sending an encrypted message (with the , of course).
 
 It seems like it should error out if the mode= is set to an invalid or
 unknown value, rather than sending mail in the clear.
 
 I've got this set up in ~/.emacs, not sure what all else might be coming
 into play:
 
  '(message-setup-hook (quote (mml-secure-message-sign)))
  '(notmuch-crypto-process-mime t)

I'm inclined to think this is a bug in message-mode. But we should
probably try to see what we could do to mitigate this.

As a workaround of sorts, I'd suggest not messing with the #secure tag
manually. Instead, you can use mml-secure-message-sign and
mml-secure-message-sign-encrypt to change the mode.

BR,
Jani.
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch