Message-ID: <557891CA.5010708@AndySchroder.com>
Date: Wed, 10 Jun 2015 15:36:42 -0400
From: Andy Schroder <info@AndySchroder.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
	rv:24.0) Gecko/20100101 Thunderbird/24.2.0
MIME-Version: 1.0
To: bitcoin-development@lists.sourceforge.net
References: <1943127.DBnVxmfOIh@1337h4x0r>
	<20150610093556.GA11409@amethyst.visucore.com>
	<557869F9.8030109@AndySchroder.com> <557883A7.7030906@sky-ip.org>
	<55788924.6090008@AndySchroder.com>
	<20150610190320.GA1229@savin.petertodd.org>
	<55788C02.1010105@AndySchroder.com>
	<20150610192004.GB21416@savin.petertodd.org>
In-Reply-To: <20150610192004.GB21416@savin.petertodd.org>
OpenPGP: id=2D44186B;
	url=http://andyschroder.com/static/AndySchroder.asc
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature";
	boundary="HcLvUdnd8pJQUE0e4bVfonWOOgLUWSpCa"
Subject: Re: [Bitcoin-development] Is SourceForge still trustworthy enough
 to host this list?
Precedence: list

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--HcLvUdnd8pJQUE0e4bVfonWOOgLUWSpCa
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable


Andy Schroder

On 06/10/2015 03:20 PM, Peter Todd wrote:
> On Wed, Jun 10, 2015 at 03:12:02PM -0400, Andy Schroder wrote:
>> Andy Schroder
>>
>> On 06/10/2015 03:03 PM, Peter Todd wrote:
>>>> 4. Seems like digital signatures are always broken on messages becau=
se
>>>>     the list server slightly modifies them (?), so my e-mail client
>>>>     doesn't verify them all.
>>> What type of digital signatures specifically? What email client?
>> I think they are usually PGP/MIME signatures that are not working
>> right. If you'll notice from my e-mail headers:
>>
>> User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Th=
underbird/24.2.0
>> X-Enigmail-Version: 1.6
> It might be that Thunderbird doesn't properly handle messages with both=

> signed and unsigned content. I use mutt myself, which handles it just
> fine. (the sigs on your emails verify just fine for instance)
>

It's possible that the enigmail extension is not working right, but I=20
was under the impression that it is just feeding data to gpg and then=20
receiving the response back. It's possible that your e-mail you just=20
checked was not sent through mailman since I also replied directly to=20
you explicitly (in which case the message has not been modified) and you =

probably have the setting in the mailing list set to not send duplicate=20
messages if you are an explicit TO. I just deleted all explicit TOs for=20
this message, so everyone should be receiving it through the mailing=20
list and not directly. Is the signature still valid for you now? I think =

enigmail can handle messages with some signed and unsigned content, and=20
maybe PGP/MIME inherently does not support this and a mailing list=20
re-writing parts of messages is an expected action? If this message=20
re-writing is an expected action and I'm correct that PGP/MIME does not=20
support partially signed content, then maybe it is just a recommendation =

for this mailing list to not use PGP/MIME for messages sent to the list?

Can anyone else confirm?


--HcLvUdnd8pJQUE0e4bVfonWOOgLUWSpCa
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJVeJHKAAoJEDT679stRBhrpnwH/jYS3Nry6qvvnSUH0cw3ZkBl
66u2FY4p9svfPM+U/SaUFN4dqVrCpCbrlPbQkeuwneEAM8MuGewnF5iCDfM8bSPk
zNC2zScIyMua2caMPdx/v3gueLFIDatx8tnIma6MBXhDh6nWm7F8bYS212S/tz/M
9WEI3nHjx3XN/960FJP3yljjqxrUeWJlxlh7vzkDN3Hwy6nwP37fo20E35CKWd2z
ha9OXuaaRvhHa41zdGbgvfV7sbN7CGHmy0ch0BxZLc5bP+FO/pVwNXkNwTGmXVHu
jKyNf8apq/8BUvlL3aq/gP/E2D/k0uTMdsBHCW5O0Aa5dcYFT+a7hSJuUAmr2mE=
=9Jmb
-----END PGP SIGNATURE-----

--HcLvUdnd8pJQUE0e4bVfonWOOgLUWSpCa--