[Mailman-Users] PGP keys causing problems

Todd Zullinger tmz at pobox.com
Thu May 18 01:50:27 CEST 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mark Sapiro wrote:
> Before giving up on the archive, look at the 'source' html of the
> archive page and look at the 'source' of the scrubbed attachment(s).
> I've seen scrubbed attachments that look like X is missing when
> viewed in browser A and look like Y is missing when viewed in
> browser B, when in fact, if you look at the actual file, everything
> is there.

In the bug report I found, there's a link to the archived message:

    http://sablecc.org/lists/sablecc-user/2004-December/000159.html

and that looks just like the archived messages I have from testing.

It starts off with:

    Skipped content of type multipart/mixed

which would mean that the message part was totally skipped in
Handlers.Scrubber, right?

It seems to me that some part of the scrubber or message parsing code
may just not be recursing into the multipart/mixed part, but I don't
really know.  Mark, perhaps you know the flow better and could say
whether that's a possibility?

The structure of an OpenPGP/MIME signed message with an attachment is
something like this (the parts inside the multipart/mixed part may
vary, in my tests I used a plain text message and attached a patch
file):

    multipart/signed
        multipart/mixed
            text/plain
            text/plain
        application/pgp-signature

Around line 300 in Handlers.Scrubber, the comments say:

    # All parts should be scrubbed to text/plain by now.

and then a simple test for a non text/plain ctype is made, replacing
it with the "Skipped content" text from above.  Somewhere before that,
shouldn't the multipart/mixed message part have been handled?

- -- 
Todd        OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp
======================================================================
Every normal man must be tempted at times to spit upon his hands,
hoist the black flag and begin slitting throats.
    -- H.L. Mencken

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl.

iG0EARECAC0FAkRrtsMmGGh0dHA6Ly93d3cucG9ib3guY29tL350bXovcGdwL3Rt
ei5hc2MACgkQuv+09NZUB1ptogCfWf3xbViDcFrObyDI/MAOU9ywnUsAnjfTtoDz
DKoOdu0aojENPnN6N83I
=cWxY
-----END PGP SIGNATURE-----

More information about the Mailman-Users mailing list