12 Dec
2016
12 Dec
'16
10:29 p.m.
On Mon, 12 Dec 2016, Silvia [Hiro] wrote:
I have shared the first version here: https://gitweb.torproject.org/admin/trac/trac-email.git/
You will find procmail config, perl script verifying gpg signature (very simple), python script to verify user permissions and create/update trac tickets (still WIP).
Looking forward to get more feedback on the proposed changes.
I just glanced at it briefly, but the verify script has me worried. It uses Perl without 'use strict', nowadays open() really should use >= 3 arguments, and I am not convinced the script actually verifies that the entire mail is signed.
Also, you can't reliably cont on the exit code of gpg for verifying signatures.
Cheers,
--
| .''`. ** Debian **
Peter Palfrader | : :' : The universal
https://www.palfrader.org/ | `. `' Operating System
| `- https://www.debian.org/