<<< Date Index >>>     <<< Thread Index >>>

Re: mutt/1519: when replying to pgp-encrypted mail, message ist *not* included in reply



The following reply was made to PR mutt/1519; it has been noted by GNATS.

From: Gregor Zattler <telegraph@xxxxxxx>
To: Alain Bench <veronatif@xxxxxxx>, bug-any@xxxxxxxxxxxxx
Cc: 
Subject: Re: mutt/1519: when replying to pgp-encrypted mail, message ist *not* 
included in reply
Date: Thu, 1 Sep 2005 14:34:26 +0200

 Hi Alain,
 * Alain Bench <veronatif@xxxxxxx> [31. Aug. 2005]:
 >  On Monday, August 29, 2005 at 8:25:01 PM +0200, Gregor Zattler wrote:
 > 
 > > bug #1519 [Debian Bug#186891] was solved by debian maintainer
 > > Adeodato Simó in 2004.
 > 
 >     For some reason I did not get the full thread #186891, as if some
 > mail exchanges were private. Not on the BTS nor on the Mutt package
 > tracking system mailing list. :-(
 
 Yes there are private mails in this thread.
  
 > > Hi discovered: It's a bug in pgp 2.6.3 and produced a work-around
 > > patch for mutt
 > 
 >     Dato also offered other workarounds, where you finally acknoweledged
 > the "alternative gpg.rc" one (whatever this is), leading to closure of
 > Bug#186891.
 
 I this cases i use a slightly modified gpg.rc:  In gpg.rc as
 shipped with mutts source are lines like this one:
 # set pgp_sign_command="/usr/bin/gpg-2comp --comment '' --no-verbose --batch  
--output - --passphrase-fd 0 --armor --detach-sign --textmode %?a? -u %a? %f"
 
 I uncommented them and modified them with
 "--allow-non-selfsigned-uid" and "--pgp2":
 
 set pgp_sign_command="/usr/local/bin/gpg-2comp --comment '' --no-verbose 
--pgp2 --batch --output - --allow-non-selfsigned-uid --armor --det ach-sign 
--textmode %?a?-u %a? %f"
 
 set pgp_clearsign_command="/usr/local/bin/gpg-2comp --comment '' --no-verbose 
--pgp2 --batch --output - --allow-non-selfsigned-uid --armor --textmode 
--clearsign %?a?-u %a? %f"
 
 set pgp_encrypt_only_command="/usr/lib/mutt/pgpewrap /usr/local/bin/gpg-2comp 
-v --pgp2 --batch --output - --encrypt --textmode --allow-non- selfsigned-uid 
--armor --always-trust -- -r %r -- %f"
 
 set pgp_encrypt_sign_command="/usr/lib/mutt/pgpewrap /usr/local/bin/gpg-2comp 
-v --batch --output - --encrypt --sign %?a?-u %a? --armor --al 
low-non-selfsigned-uid --always-trust -- -r %r -- %f"
 
 This works for me (see below).
 
 >     So it's unclear to me: Should we close mutt/1519, or should we
 > consider Adeodato's pgp.c:pgp_application_pgp_handler() patch to consume
 > stderr of the pgp command in reply (not display) case?
 
 I do not fully understand Adeodato's patch: Does his patch break
 signature verification?
 
 This bug will never be fixed on pgp 2.6.3.  Adeodato Simó closed
 the bug because
 a) I am perhaps the only person ever beeing bitten by this bug 
 b) the fix is very specific to pgp 2.6.3
 c) mutt developers are conservative in accepting patches.
 
 Reasons a) and b) are still valid: I guess use of pgp 2.6.3 fades
 away. 
 
 On the other hand c) may have changed and
 http://muppet.faveve.uni-stuttgart.de/~gero/gpg-2comp.tar.gz is
 not valid anymore.  So mutt newcomers may be unable to use
 modified gpg.rc.
 
 I think there are three possibilities:
 
 1. document the bug in mutt, distribute gpg-2comp with mutts
    source and describe how to modify and use gpg.rc 
 
 2. fix the bug in mutts source
 
 3. close the bug
 
 I am in favour of the second one if it does not break signature
 verification.
 
 
 
 Tanks for your reply, Gregor
 -- 
  -... --- .-. . -.. ..--.. ...-.-