[Reportbug-maint] Bug#496781: Bug#496781: reportbug: Creates bad signatures when signing utf8 text

Bjørn Mork bjorn at mork.no
Tue Apr 14 11:59:59 UTC 2009


Sandro Tosi <morph at debian.org> writes:

> Are you still facing this problem? even with the latest 4.0 version?
>
> If you go to http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496781
> you can see that your message is correctly identified as signed, and
> it's claimed a valid. What other input you received the mail is sent
> out as not correctly signed?

I still face the same problem.

But looking closer at it, I'm becoming unsure whether the bug is really
in sendmail (or my sendmail config) or in Gnus (my MUA).

Yes the signature can be verified as it appears on the BTS web page or
in any MUA which decode the Quoted-Printable encoding before verifying
the signature.

But if you look at the raw message:

 http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;mbox=yes;bug=496781

you'll note the header lines

 Content-Transfer-Encoding: quoted-printable
 X-MIME-Autoconverted: from 8bit to quoted-printable by canardo.mork.no id m7RBkqIR015319

This is my local sendmail converting the original 8bit message,
including signature, to quoted-printable.  I know this conversion can be
questioned, but such conversions will happen somewhere on the Internet
whether I change my configuration or not...

I'm more uncertain about Gnus as a MUA in this case.  When I'm reading
such a message in Gnus, it will first verify the signature (i.e. fail)
and then decode the content.  It should probably have done it the other
way round since there is no way a PGP signature could be embedded in a
valid QP-encoded message (as the signature itself will contain the
character =)

I'll forward the question to the Gnus list.  

But the problem would also disappear if reportbug used OpenPGP/MIME
(RFC3156).  Feel free to downgrade this bug to wishlist, or close it
with wontfix if you find that most appropriate.



Bjørn





More information about the Reportbug-maint mailing list