Closed Bug 784578 Opened 12 years ago Closed 12 years ago

Change whine emails from hiding secure bug information to encrypting the mail

Categories

(bugzilla.mozilla.org :: Extensions, defect)

Production
defect
Not set
normal

Tracking

()

RESOLVED FIXED

People

(Reporter: glob, Assigned: dkl)

References

Details

Attachments

(1 file)

Thee emails are not encrypted, so third-parties could read the summary of those emails by intercepting them.

(From Ehsan Akhgari [:ehsan] from Bug 782330 comment #13)
> (In reply to comment #2)
> > I don't really have a strong preference either way, so I'll leave this for you
> > to decide.  :-)
> 
> Actually with this deployed, I changed my mind.  It would be really good if
> those emails can be encrypted.  Without that, my security bug whines have
> turned pretty useless. :(
Assignee: nobody → dkl
Status: NEW → ASSIGNED
New patch that instead of using a hook and updating the bug query data directly, it encrypts the email body if one or more bugs in the text list is secure.

dkl
Attachment #657451 - Flags: review?(glob)
Comment on attachment 657451 [details] [diff] [review]
Patch to encrypt whine email body when one or more bugs is secure (v1)

r=glob, with the following addressed on commit:

you can remove |use Bugzilla::Hook| from whine.pl.

>+        my $body = $part->body;
>+        print STDERR $body . "\n\n";

remove debugging code :)
Attachment #657451 - Flags: review?(glob) → review+
Committing to: bzr+ssh://dlawrence%40mozilla.com@bzr.mozilla.org/bmo/4.0
modified whine.pl
modified extensions/SecureMail/Extension.pm
Committed revision 8308

Committing to: bzr+ssh://dlawrence%40mozilla.com@bzr.mozilla.org/bmo/4.2
modified whine.pl
modified extensions/SecureMail/Extension.pm
Committed revision 8332
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Well, this has always two sides. With this change you will no longer be able to check the contents of the 'open reviews' whine emails. I'm using gmail as reader and so far I have not been able to setup anything which let me read secure emails. Once those emails contain a secure bug they will become pretty useless to anyone who reads the emails through Gmail. Further it will take you a fair amount of time to find out which secure bug is responsible for given that there is even no single link to the query. :(
Component: Extensions: SecureMail → Extensions
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: