Re: [Pkg-mozext-maintainers] Regression update for Thunderbird in jessie-security (aka oldstable)?
Hi Daniel, Am 31.07.2017 um 11:55 schrieb Daniel Kahn Gillmor: > Hi Carsten-- > > Thank you very much for your work for keeing thunderbird ESR up-to-date > in debian. Sorry that enigmail is an ongoing problem for that work. no worries. In the past we had also xul-ext-foxyproxy-standard that also made sometimes troubles. And in all this kind of issues brings up some spice into the 'typical' workflow. > On Fri 2017-07-28 10:56:48 +0200, Carsten Schoenert wrote: >> We need some auto testing stuff that will help to discover such problems >> early as there are also some other typical extensions that maybe break >> by every new ESR version of Thunderbird. > > I think this is a great idea. I wrote mail to the enigmail mailing list > earlier this month to see whether there was any existing work we could > piggy-back off of: > > > https://admin.hostpoint.ch/pipermail/enigmail-users_enigmail.net/2017-July/004524.html > > I got some interesting pointers/suggestions in response, but no specific > code. > > I'd welcome help from anyone who wants to write a full-stack test that > we could use for an enigmail autopkgtest, though. > > I'm imagining an autopkgtest that does (at least) the following: > > * sets up a local MTA (postfix?) > * sets up a local IMAP server (dovecot?) > * creates accounts Alice and Bob on both servers >- both accounts should be able to send and receive mail > * creates two thunderbird profiles (maybe using different system user > accounts?) > * triggers the enigmail setup process on both accounts > * exchanges keys between the accounts (how?) > * Alice sends encrypted mail to Bob > * Bob reads encrypted mail > > With that in place, we could talk about embellishing the test suite to > include things like attachments, multiparty mail, etc. > > Does this seem feasible/useful? Is anyone interested in working on this > with me? The last days I was also talking about that with Guido to check the possibilities for testing Thunderbird itself more automatically and also after such tests some typical extensions. I'm very interested in doing these kind of things as this make my life as a co-maintainer more easy as the tests will show immediately if something is not working well after changes. Unfortunately I've no knowledge about how to do some GUI related testing and interactions. So I would need some kind of scaffolding there I can add things. OTOH there should be something possible by the XUL language itself, the extensions are doing the same in the core. So o.k., i guess the list you wrote up is a good start for now. I will see what the outcome of the next two weeks will be. But even if don't we have something ready then we should try to keep some focus on this in the next time. >> Hopefully we find some time to talk about that all at DebCamp/DebConf? > > Sadly, i won't make it to debconf this year. Meeh, that's said. :( Don't make this the common case, you wasn't also seen in Capetown! :P -- Regards Carsten Schoenert ___ Pkg-mozext-maintainers mailing list Pkg-mozext-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-mozext-maintainers
Re: [Pkg-mozext-maintainers] Regression update for Thunderbird in jessie-security (aka oldstable)?
Hi On Mon, Jul 31, 2017 at 08:18:31AM -0300, Carsten Schoenert wrote: > Hello Philipp, > > Am 31.07.2017 um 05:36 schrieb Philipp Pilhofer: > > Am 28.07.2017 um 21:17 schrieb Moritz Mühlenhoff: > >> On Fri, Jul 28, 2017 at 10:56:48AM +0200, Carsten Schoenert wrote: > >>> Hello Debian Security Team, > >> > >> The enigmail update had just been released. > >> > > > > For some reason, the new enigmail has only been built for "all" in > > jessie, but not for the single architecture. On my machines (i386 and > > amd64) there's no update available, I would have to manually download > > and install the file as far as I see. > > this 'some reason' is grounded on the control file for the recent update > of enigmail. That's right. But Philipp OTOH was right that the upload was not seen. I contacted earlier FTP masters, which needed to decruft the old package (since it is not auto-decrufted). That has been sorted out now, and the enigmail package should be installable from security.d.o. root@jessie-amd64:~# apt-cache policy enigmail enigmail: Installed: (none) Candidate: 2:1.9.8.1-1~deb8u1 Version table: 2:1.9.8.1-1~deb8u1 0 500 http://security.debian.org/ jessie/updates/main amd64 Packages 2:1.8.2-4~deb8u1 0 500 http://httpredir.debian.org/debian/ jessie/main amd64 Packages Regards and hope this helps, Salvatore ___ Pkg-mozext-maintainers mailing list Pkg-mozext-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-mozext-maintainers
Re: [Pkg-mozext-maintainers] Regression update for Thunderbird in jessie-security (aka oldstable)?
Hi Carsten-- Thank you very much for your work for keeing thunderbird ESR up-to-date in debian. Sorry that enigmail is an ongoing problem for that work. On Fri 2017-07-28 10:56:48 +0200, Carsten Schoenert wrote: > We need some auto testing stuff that will help to discover such problems > early as there are also some other typical extensions that maybe break > by every new ESR version of Thunderbird. I think this is a great idea. I wrote mail to the enigmail mailing list earlier this month to see whether there was any existing work we could piggy-back off of: https://admin.hostpoint.ch/pipermail/enigmail-users_enigmail.net/2017-July/004524.html I got some interesting pointers/suggestions in response, but no specific code. I'd welcome help from anyone who wants to write a full-stack test that we could use for an enigmail autopkgtest, though. I'm imagining an autopkgtest that does (at least) the following: * sets up a local MTA (postfix?) * sets up a local IMAP server (dovecot?) * creates accounts Alice and Bob on both servers - both accounts should be able to send and receive mail * creates two thunderbird profiles (maybe using different system user accounts?) * triggers the enigmail setup process on both accounts * exchanges keys between the accounts (how?) * Alice sends encrypted mail to Bob * Bob reads encrypted mail With that in place, we could talk about embellishing the test suite to include things like attachments, multiparty mail, etc. Does this seem feasible/useful? Is anyone interested in working on this with me? > Hopefully we find some time to talk about that all at DebCamp/DebConf? Sadly, i won't make it to debconf this year. --dkg signature.asc Description: PGP signature ___ Pkg-mozext-maintainers mailing list Pkg-mozext-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-mozext-maintainers
Re: [Pkg-mozext-maintainers] Regression update for Thunderbird in jessie-security (aka oldstable)?
Hello Philipp, Am 31.07.2017 um 05:36 schrieb Philipp Pilhofer: > Am 28.07.2017 um 21:17 schrieb Moritz Mühlenhoff: >> On Fri, Jul 28, 2017 at 10:56:48AM +0200, Carsten Schoenert wrote: >>> Hello Debian Security Team, >> >> The enigmail update had just been released. >> > > For some reason, the new enigmail has only been built for "all" in > jessie, but not for the single architecture. On my machines (i386 and > amd64) there's no update available, I would have to manually download > and install the file as far as I see. this 'some reason' is grounded on the control file for the recent update of enigmail. https://anonscm.debian.org/git/pkg-mozext/enigmail.git/tree/debian/control?h=jessie There you can see that only one binary package is gonna build from the sources and this has architecture all. So this is all correct. If you don't see an update please check your sources files for apt. Substitute your release with the 'stretch': https://www.debian.org/security/ If you have further question please choose one of the supporting channels like mailing lists or IRC. https://www.debian.org/support -- Regards Carsten Schoenert ___ Pkg-mozext-maintainers mailing list Pkg-mozext-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-mozext-maintainers
Re: [Pkg-mozext-maintainers] Regression update for Thunderbird in jessie-security (aka oldstable)?
Hello Moritz, Am 28.07.2017 um 11:01 schrieb Moritz Muehlenhoff: > On Fri, Jul 28, 2017 at 10:56:48AM +0200, Carsten Schoenert wrote: >> What's the opinion of the security team for another update of the >> existing Thunderbird packages in oldstable? >> I mean, we can't solve the problem of the needed version of Enigmail for >> users of Jessie, we just can add a proper Breaks to the control file. >> But doping so would need potentially somewhere manually updates on some >> users side. >> OTOH we can add the correct Breaks for Thunderbird with version 52.3.0 >> which should arrive in the next two weeks or so. > > We'll update enigmail in jessie-security and stretch-security, so we won't > need an update for thunderbird? yes. The update for Thunderbird would (and can) only bring a corrected version for enigmail in the Breaks field. So I would prefer if we not need to upload a new version of Thunderbird to security as we can't solve any real issue by that right now. >> We need some auto testing stuff that will help to discover such problems >> early as there are also some other typical extensions that maybe break >> by every new ESR version of Thunderbird. >> Hopefully we find some time to talk about that all at DebCamp/DebConf? > > Yes, let's do that. I'll be around. Fine, I'm also around starting on Monday, August 31. -- Regards Carsten Schoenert ___ Pkg-mozext-maintainers mailing list Pkg-mozext-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-mozext-maintainers
