Apparently we've been using the SecureMail extension to encrypt confidential bug mail in the past but it's been disabled. idl0r indicates that the relevant bug might be [1]. While the bug hasn't been closed upstream, there are reasons to believe it does not apply anymore. Notably, other Bugzilla installations are using SecureMail successfully. idl0r also indicates that a particular version of Crypt-OpenPGP was blacklisted in the Mozilla installation [2] which may indicate that the bug was resolved afterwards. I'd like to try to reproduce the reported bug with the current version of Crypt-OpenPGP. If that doesn't trigger any problems, I'd like to deploy SecureMail on bugstest and see if it causes any problems (presuming that bz will encrypt mail). If it works, we will also want to automatically update developers' keys from LDAP. [1] https://rt.cpan.org/Public/Bug/Display.html?id=68018 [2] https://github.com/mozilla-bteam/bmo/commit/4b300bdeb4785ad67e641704bccc0e4ed1c8f3d2#diff-c54c6f0ebd29fb08e8bb2e8f482ea9b5
Ok, in my testing @ bugstest I can't reproduce the problem with SecureMail. I'm not 100% where mails are cut there but I suspect it encrypts the mails before they are discarded. @infra, ok to deploy to production?
After a short real-life testing, it turns out it's so broken it's useless. Firstly, it still can't manage to use the correct key to encrypt. You have to jump through a dozen hoops to reassemble invalid GPG key export that forces it to use the correct encryption key (read: remove primary key from it). Secondly, the encrypted message is not integrity protected, so it's rejected by GnuPG as invalid. Technically, GPG prints the contents but e.g. Evolution discards it because of the decryption error. @Whissi, did you ever happen to receive 'secure mail' from those other Bugzilla instances you mentioned?
Apparently Mozilla modified SecureMail to replace the broken Perl reinvention of the wheel with Node reinvention of the wheel which I can't even find sources of. https://github.com/mozilla-bteam/bmo/commit/dcb3506da0be31ec92950e85f51688cecef1b0f8#diff-c54c6f0ebd29fb08e8bb2e8f482ea9b5
(In reply to Michał Górny from comment #2) > @Whissi, did you ever happen to receive 'secure mail' from those other > Bugzilla instances you mentioned? Yes. And I just tested both instances: Whatever they use, it works like a charm.
Well, since we want to get keys from LDAP, maybe the following would work: 1. Replace Crypt::OpenPGP usage with direct gpg calls. 2. Add a cronjob that automatically fetches dev keyring like we do for other servers, and populates local GnuPG keyring from that. Use Authority Keys to get developer keys trusted. 3. Remove 'Secure Mail' properties tab, since we won't support manually specifying keys anymore. 4. Try to encrypt secure mail, and when user doesn't have key in GnuPG keyring, fall back to unencrypted 'bug changed, see link' information. In other words, instead of deciding whether to encrypt based on whether key's in db, decide whether to encrypt based on whether gpg succeeds encypting. 5. If users want encrypted mails too, we can add the keys to the local keyring manually.
