Add link to the ticket when someone reply

  • Done
  • quality assurance status badge
Details
5 participants
  • bo0od
  • Leo Famulari
  • Maxim Cournoyer
  • Maxime Devos
  • Bonface Munyoki K.
Owner
unassigned
Submitted by
bo0od
Severity
normal
B
B
bo0od wrote on 8 Apr 2021 19:38
(address . bug-guix@gnu.org)
149fbff7-889c-acc2-09d1-e79edfd29ec0@riseup.net
Hi There,

When someone reply to my ticket and receive the message through email
there is no URL included to the ticket, Which mean if i forgot what i
have wrote before then i need to go and see what was the conversation by
using ticket title in gnu bug which not nice.

Please add URL of the ticket always to the bottom.

ThX!
L
L
Leo Famulari wrote on 8 Apr 2021 20:45
(name . bo0od)(address . bo0od@riseup.net)(address . 47660@debbugs.gnu.org)
YG9PUyO76BUMNypK@jasmine.lan
On Thu, Apr 08, 2021 at 05:38:59PM +0000, bo0od wrote:
Toggle quote (9 lines)
> Hi There,
>
> When someone reply to my ticket and receive the message through email there
> is no URL included to the ticket, Which mean if i forgot what i have wrote
> before then i need to go and see what was the conversation by using ticket
> title in gnu bug which not nice.
>
> Please add URL of the ticket always to the bottom.

If you find yourself forgetting, you can use the bug number.

The bug number is in the email address and the subject line, and you can
use it like this:


Does that help?
B
B
bo0od wrote on 9 Apr 2021 22:44
(name . Leo Famulari)(address . leo@famulari.name)(address . 47660@debbugs.gnu.org)
3fc025b1-aa56-aec6-5c0a-80f8562f0e8e@riseup.net
This work or i search for it also work, But we are talking making things
much easier and its possible through providing the link directly to the
ticket in bottom, I believe this practice followed by all major
ticketing systems,platforms,projects.. So i dont understand whats the
big deal having it here as well.



Leo Famulari:
Toggle quote (19 lines)
> On Thu, Apr 08, 2021 at 05:38:59PM +0000, bo0od wrote:
>> Hi There,
>>
>> When someone reply to my ticket and receive the message through email there
>> is no URL included to the ticket, Which mean if i forgot what i have wrote
>> before then i need to go and see what was the conversation by using ticket
>> title in gnu bug which not nice.
>>
>> Please add URL of the ticket always to the bottom.
>
> If you find yourself forgetting, you can use the bug number.
>
> The bug number is in the email address and the subject line, and you can
> use it like this:
>
> https://issues.guix.gnu.org/issue/47660
>
> Does that help?
>
M
M
Maxime Devos wrote on 10 Apr 2021 12:45
(address . 47660@debbugs.gnu.org)
ce761b2c96ada1f4beadc36ed040e62c796aa2d2.camel@telenet.be
On Fri, 2021-04-09 at 20:44 +0000, bo0od wrote:
Toggle quote (6 lines)
> This work or i search for it also work, But we are talking making things
> much easier and its possible through providing the link directly to the
> ticket in bottom, I believe this practice followed by all major
> ticketing systems,platforms,projects.. So i dont understand whats the
> big deal having it here as well.

Mangling e-mails can cause all kinds of trouble.

It would mess up git patches, break messages signed with PGP or S/MIME
(does anyone here actually use S/MIME?), makes some headers used for
spam detection (and more generally, detecting forged mails) invalid,
which will lead to messages from the mailing list and @debbugs.gnu.org
be marked as spam ...

Greetings,
Maxime.
-----BEGIN PGP SIGNATURE-----

iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYHGBxhccbWF4aW1lZGV2
b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7kGTAQC7B+hZeoz568SzYnh0juAAleAE
3+QMp3zZyimCqQMvbgEA3Lel7XDOuqrPHdhJDrXLBQKaW2ckfQYhGWcLcNdWnAo=
=rdNr
-----END PGP SIGNATURE-----


B
(address . 47660@debbugs.gnu.org)
3fb53146-829a-3829-a1b3-2828f6d03e9a@riseup.net
what are you talking about? who uses PGP/GPG for a public ticket
tracking system?...

gitlab,github,trac...etc all giving the ticket URL on the bottom of the
message nothing with magic im suggesting here.

Maxime Devos:
Toggle quote (18 lines)
> On Fri, 2021-04-09 at 20:44 +0000, bo0od wrote:
>> This work or i search for it also work, But we are talking making things
>> much easier and its possible through providing the link directly to the
>> ticket in bottom, I believe this practice followed by all major
>> ticketing systems,platforms,projects.. So i dont understand whats the
>> big deal having it here as well.
>
> Mangling e-mails can cause all kinds of trouble.
>
> It would mess up git patches, break messages signed with PGP or S/MIME
> (does anyone here actually use S/MIME?), makes some headers used for
> spam detection (and more generally, detecting forged mails) invalid,
> which will lead to messages from the mailing list and @debbugs.gnu.org
> be marked as spam ...
>
> Greetings,
> Maxime.
>
M
M
Maxime Devos wrote on 10 Apr 2021 18:44
(address . 47660@debbugs.gnu.org)
d2df07bbc70a175ec6bc5495df276eb32eb76c33.camel@telenet.be
On Sat, 2021-04-10 at 14:20 +0000, bo0od wrote:
Toggle quote (3 lines)
> what are you talking about? who uses PGP/GPG for a public ticket
> tracking system?...

I do, Chris Marusich does, Léo Le Bouter does, Efraim Flashner does.
I probably could find some more examples in my mail archive somewhere.
Why shouldn't they use PGP? Signing e-mails with PGP allows the
recipient to verify the e-mails actually came from the supposed sender.

Remember, general discussion is done via e-mails on guix-devel@gnu.org,
bug reports are done via e-mails on bug-guix@gnu.org and NNN@debbugs.gnu.org
and patches are done via e-mails on guix-patches@gnu.org and NNN@debbugs.gnu.org.

Practical use case:
* I want to test (and, if I were a committer, perhaps merge) one of the gnome
patch series (bug#47643, by Raghav Gururajan and revised by Leo Prikler).
* I look over the source code changes, and don't see any obvious nefariousity,
but perhaps I missed something ...
* I trust Leo Prikler not to introduce non-obvious nefariousity.

However, e-mail is an unreliable medium, so this patch series might be modified
by an attacker on-route to my system (and the systems of other people) and the
attacker might have introduced non-obious nefariousity.
* I know Leo Prikler signs patch series. The attacker cannot, however, so the
attacker sends the (forged) patch series unsigned.
* /me asks Leo Prikler why the patch series is unsigned.
* The attacker's evil plan is foiled!

Actually, IIRC, Leo Prikler does not sign patch series. It's just an example!

Also, regardless of whether PGP is used, the mangling messes up some headers
(DKIM, IIRC), leading to e-mails being marked as spam. IIUC, debbugs or the
mailing list software used to mangle messages, but that is now disabled for
(at least) that reason.

Greetings,
Maxime.
-----BEGIN PGP SIGNATURE-----

iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYHHV5BccbWF4aW1lZGV2
b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7icUAP0RZIMk731BNW3fkQxHxbdnADjt
LGkC2AwCSRf13b5uzAD8DOhm9iSsIXsIGFd+992N/mVzfYi0DmAgYln535LP5QU=
=re8d
-----END PGP SIGNATURE-----


B
(address . 47660@debbugs.gnu.org)
6496319d-cde6-54bb-5bd7-64e06bf1eab2@riseup.net
yeah patches provided by email is a mess, thought these stuff are done
using git only since guix is rely on it so emails/tickt system just used
for answering/solving issues.

also thought you were talking about encrypting the messages thats why i
asked who uses that.

for the spam part i dont know about solution for it, but what i know for
sure this is wrong/strange less useful behavior that i dont know any
main project doing it. (which is not attaching link for the
ticket,actually sometimes they even attach link to the reply itself
within the email not just the ticket itself...).

Maxime Devos:
Toggle quote (38 lines)
> On Sat, 2021-04-10 at 14:20 +0000, bo0od wrote:
>> what are you talking about? who uses PGP/GPG for a public ticket
>> tracking system?...
>
> I do, Chris Marusich does, Léo Le Bouter does, Efraim Flashner does.
> I probably could find some more examples in my mail archive somewhere.
> Why shouldn't they use PGP? Signing e-mails with PGP allows the
> recipient to verify the e-mails actually came from the supposed sender.
>
> Remember, general discussion is done via e-mails on guix-devel@gnu.org,
> bug reports are done via e-mails on bug-guix@gnu.org and NNN@debbugs.gnu.org
> and patches are done via e-mails on guix-patches@gnu.org and NNN@debbugs.gnu.org.
>
> Practical use case:
> * I want to test (and, if I were a committer, perhaps merge) one of the gnome
> patch series (bug#47643, by Raghav Gururajan and revised by Leo Prikler).
> * I look over the source code changes, and don't see any obvious nefariousity,
> but perhaps I missed something ...
> * I trust Leo Prikler not to introduce non-obvious nefariousity.
>
> However, e-mail is an unreliable medium, so this patch series might be modified
> by an attacker on-route to my system (and the systems of other people) and the
> attacker might have introduced non-obious nefariousity.
> * I know Leo Prikler signs patch series. The attacker cannot, however, so the
> attacker sends the (forged) patch series unsigned.
> * /me asks Leo Prikler why the patch series is unsigned.
> * The attacker's evil plan is foiled!
>
> Actually, IIRC, Leo Prikler does not sign patch series. It's just an example!
>
> Also, regardless of whether PGP is used, the mangling messes up some headers
> (DKIM, IIRC), leading to e-mails being marked as spam. IIUC, debbugs or the
> mailing list software used to mangle messages, but that is now disabled for
> (at least) that reason.
>
> Greetings,
> Maxime.
>
B
B
Bonface Munyoki K. wrote on 15 Apr 2021 16:24
(name . bo0od)(address . bo0od@riseup.net)
86im4nmxrs.fsf@bonfacemunyoki.com
bo0od <bo0od@riseup.net> writes:

Toggle quote (4 lines)
> what are you talking about? who uses PGP/GPG for
> a public ticket tracking system?...
>

I do. I sign my e-mails as a guarantee to my
recipients that what you get is truly from
me. That plus my mail client makes that-- signing
emails-- way easy to do. I also sign all my
commits, even on the major platforms. FWIW, even
on GH, and GL, you could sign your emails when
replying to an email, thereby having the
recipients on the Cc see your pgp/ gpg signature,
while GL/ GH scrapes it off when displaying it's
contents. However, there are people who sign email
inline. Here's one such example:

PS: If you use gnus from Emacs, you should read:
In my Emacs, I have:

Toggle snippet (17 lines)
(use-package mm-encode
:config (setq mm-encrypt-option 'guided) (setq
mm-sign-option 'guided))

(use-package mml-sec
:config (setq mml-secure-openpgp-encrypt-to-self
t) (setq mml-secure-openpgp-sign-with-sender t)
(setq mml-secure-smime-encrypt-to-self t) (setq
mml-secure-smime-sign-with-sender t))

(use-package epa-file
:config (setq
epa-file-cache-passphrase-for-symmetric-encryption
nil))


Toggle quote (29 lines)
> gitlab,github,trac...etc all giving the ticket
> URL on the bottom of the message nothing with
> magic im suggesting here.
>
> Maxime Devos:
>> On Fri, 2021-04-09 at 20:44 +0000, bo0od wrote:
>>> This work or i search for it also work, But we
>>> are talking making things much easier and its
>>> possible through providing the link directly
>>> to the ticket in bottom, I believe this
>>> practice followed by all major ticketing
>>> systems,platforms,projects.. So i dont
>>> understand whats the big deal having it here
>>> as well.
>> Mangling e-mails can cause all kinds of
>> trouble. It would mess up git patches, break
>> messages signed with PGP or S/MIME (does anyone
>> here actually use S/MIME?), makes some headers
>> used for spam detection (and more generally,
>> detecting forged mails) invalid, which will
>> lead to messages from the mailing list and
>> @debbugs.gnu.org be marked as spam ...
>> Greetings, Maxime.
>>
>
>
>
>

--
Bonface
M. K. D4F09EB110177E03C28E2FE1F5BBAE1E0392253F
Humble GNU Emacs User / Bearer of scheme-y parens
Curator: https://upbookclub.com / Twitter:
@BonfaceKilz
-----BEGIN PGP SIGNATURE-----

iQJKBAEBCAA0FiEE1PCesRAXfgPCji/h9buuHgOSJT8FAmB4TIsWHG1lQGJvbmZh
Y2VtdW55b2tpLmNvbQAKCRD1u64eA5IlP+W/D/0e87gcSzWVRKlwH7jBxBHnYaG4
l6x5B10nugEo9XC+jf0ZGhfKe6qgjrzi3bGk8KPES/ErGsG0QpX6Ttlo1AELoz2a
djdGtwGIU3HwHbK3fB9jp4LGoTrBpZz2YCzYOJM7lixZhf00ZWupTirCYA1yWLHg
tQUKlDE7+j2ULpoQKmgIljyfVeL+U7/geonDx/sweE654oBiZIqV8b4gowjLTUXf
wexuuapYMrvACLnDHYw0AvFy9470iDdO+LVyFC6E34erIy53yhK9B8dWERuJv8+z
nLRqvaEEjpJYixyAQy1EQzedNHejAXdPfknaVJP0+Q6iYxdz7rqoXQDui3/mc1lQ
YniXhpPDaqogsaywBlHpXUkfs9AZAjKODra2XZ1RYz7p3a4CK0TdJVLHt/hs1opb
7yxIBo/JVT++bOEQWjdr7JYLraDIw8M3LNdg1RzQdjt9z8BB7McjWnLYxWYb+buW
hPEgh+dUlEiCrLAdOjKrG90KyI4s1Oe+OjZM5TUqqp0pmKpOJqv0L17KgmuNTrFg
6NRBxD113rq0ULHQaWQOd2Dwoz434aVvK/jgqnE9hloIK5EjdRhPjH3Z6jeRByhM
uBhRgFcGNIPG6BLi1yWMlVc8oh39EgtxyobFtHJvicCsx7yFsx8P4aNVQiOCYwkF
xHjg4KMdBtRqTQ9FfQ==
=nyvZ
-----END PGP SIGNATURE-----

B
(name . Bonface Munyoki K.)(address . me@bonfacemunyoki.com)
be8288f6-f500-3090-4612-975568d47882@riseup.net
To be honest i find this bad thing to use emails to do anything rather
than online registration and not necessary stuff (means being
encrypted,manipulated.. just not something important)

Email sucks due to:
* Messages are not encrypted by default which mean it need an extra tool
to do it and commonly used is GPG/PGP + it needs tool to implement this
encryption on the messages which mean mail reader/client most commonly
one used is thunderbird/icedove <- This method having tremendous
security issues check for example:


* Most of the time (not always) heavily rely on clearnet which mean
issues of TLS/DNS which needs to be hardened otherwise they are exist by
names but does nothing.


..This is out of scope to discuss this in details, I just want to see
the bug URL linked to the bottom of the email i receive thats it.

Bonface Munyoki K.:
Toggle quote (70 lines)
> bo0od <bo0od@riseup.net> writes:
>
>> what are you talking about? who uses PGP/GPG for
>> a public ticket tracking system?...
>>
>
> I do. I sign my e-mails as a guarantee to my
> recipients that what you get is truly from
> me. That plus my mail client makes that-- signing
> emails-- way easy to do. I also sign all my
> commits, even on the major platforms. FWIW, even
> on GH, and GL, you could sign your emails when
> replying to an email, thereby having the
> recipients on the Cc see your pgp/ gpg signature,
> while GL/ GH scrapes it off when displaying it's
> contents. However, there are people who sign email
> inline. Here's one such example:
> https://github.com/alezost/guix.el/issues/39
>
> PS: If you use gnus from Emacs, you should read:
> https://www.gnu.org/software/emacs/manual/html_node/message/Signing-and-encryption.html#Signing-and-encryption
> In my Emacs, I have:
>
> --8<---------------cut here---------------start------------->8---
> (use-package mm-encode
> :config (setq mm-encrypt-option 'guided) (setq
> mm-sign-option 'guided))
>
> (use-package mml-sec
> :config (setq mml-secure-openpgp-encrypt-to-self
> t) (setq mml-secure-openpgp-sign-with-sender t)
> (setq mml-secure-smime-encrypt-to-self t) (setq
> mml-secure-smime-sign-with-sender t))
>
> (use-package epa-file
> :config (setq
> epa-file-cache-passphrase-for-symmetric-encryption
> nil))
> --8<---------------cut here---------------end--------------->8---
>
>
>> gitlab,github,trac...etc all giving the ticket
>> URL on the bottom of the message nothing with
>> magic im suggesting here.
>>
>> Maxime Devos:
>>> On Fri, 2021-04-09 at 20:44 +0000, bo0od wrote:
>>>> This work or i search for it also work, But we
>>>> are talking making things much easier and its
>>>> possible through providing the link directly
>>>> to the ticket in bottom, I believe this
>>>> practice followed by all major ticketing
>>>> systems,platforms,projects.. So i dont
>>>> understand whats the big deal having it here
>>>> as well.
>>> Mangling e-mails can cause all kinds of
>>> trouble. It would mess up git patches, break
>>> messages signed with PGP or S/MIME (does anyone
>>> here actually use S/MIME?), makes some headers
>>> used for spam detection (and more generally,
>>> detecting forged mails) invalid, which will
>>> lead to messages from the mailing list and
>>> @debbugs.gnu.org be marked as spam ...
>>> Greetings, Maxime.
>>>
>>
>>
>>
>>
>
M
M
Maxime Devos wrote on 15 Apr 2021 19:51
41d350bee8ce1fa0d628bd9e833d6c6ced8765b8.camel@telenet.be
On Thu, 2021-04-15 at 17:00 +0000, bo0od wrote:
Toggle quote (4 lines)
> To be honest i find this bad thing to use emails to do anything rather
> than online registration and not necessary stuff (means being
> encrypted,manipulated.. just not something important)

To be honest, I find it a bad thing that many projects (I'm looking at
GitHub here (*)) only have a web interface, that require registration
(and often have terms of service I would consider criminal). Then there
are multiple web sites requiring registration that I need to keep track
of.

(*) Ok, GitHub has e-mail notifications. But I can't directly reply to them,
I need to go to the web interface. At least, that was the case N years ago.

I like being able to perform all asynchronuous communication via e-mail,
instead of via a dozen platforms. With e-mail, you get signing ‘for free’,
while with $PLATFORMS, you need to rely on each $PLATFORM infrastructure
or resort to ...

(my intepretation of your words, out of context, with encryption replaced with
signing)
Toggle quote (12 lines)
> extra tools, where you have to copy the message into the tool, let the
> tool verify the signature. Or write a message into the tool, let the
> tool create the signature, and copy the message+signature into the web
> interface.

> Email sucks due to:
> * Messages are not encrypted by default which mean it need an extra tool
> to do it and commonly used is GPG/PGP + it needs tool to implement this
> encryption on the messages which mean mail reader/client most commonly
> one used is thunderbird/icedove <- This method having tremendous
> security issues check for example: [...]

Not relevant for our purposes. Issues are public. Only PGP for signing is
relevant here. Also, PGP + Evolution works just fine for me, and evolution
doesn't download external attachements by default.

Toggle quote (4 lines)
> * Most of the time (not always) heavily rely on clearnet which mean
> issues of TLS/DNS which needs to be hardened otherwise they are exist by
> names but does nothing.

I couldn't parse this. What does ‘they are exist by names but does nothing’
mean?

Toggle quote (3 lines)
> ..This is out of scope to discuss this in details, I just want to see
> the bug URL linked to the bottom of the email i receive thats it.

Guix' bug tracking software is ‘GNU Bug Tracker’. You could ask it on
that project's mailing lists. Now I see you did that already:

I don't have anything else to say on this topic; I'm not sending further replies.

Greetings,
Maxime.
-----BEGIN PGP SIGNATURE-----

iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYHh9HxccbWF4aW1lZGV2
b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7qnkAP4hh1zs5Xk4keXwOCas83ai+5g6
2cNdNNK1p2dNKA3P8wD+IVn2EsogBmvAJ4oEAgzoibsrxklu4Bd0qRNQN6uSsgk=
=y73D
-----END PGP SIGNATURE-----


B
cd2209bf-be85-20e1-ec65-1f9da50b7ae9@riseup.net
Not gonna go with details about email thing (not what the ticket is
about), But just clarify what you asked:

> I couldn't parse this. What does ‘they are exist by names but does
nothing’
> mean?

having TLS connection is not oh wow im secured now. TLS has versions and
many other stuff like ciphers , HSTS ...etc if not all of them lined
securely mean secure TLS version, secure ciphers,...etc you gonna have
TLS/https just by name, but it makes no different from having it or not.

Check for e.g: DEF CON 17 - Moxie Marlinspike - More Tricks for
Defeating SSL


So as for DNS (DNSSEC..etc).

Hope this clarify the sentence.

> Guix' bug tracking software is ‘GNU Bug Tracker’. You could ask it on

yeah sadly just no respond (wasn't surprised)

Maxime Devos:
Toggle quote (56 lines)
> On Thu, 2021-04-15 at 17:00 +0000, bo0od wrote:
>> To be honest i find this bad thing to use emails to do anything rather
>> than online registration and not necessary stuff (means being
>> encrypted,manipulated.. just not something important)
>
> To be honest, I find it a bad thing that many projects (I'm looking at
> GitHub here (*)) only have a web interface, that require registration
> (and often have terms of service I would consider criminal). Then there
> are multiple web sites requiring registration that I need to keep track
> of.
>
> (*) Ok, GitHub has e-mail notifications. But I can't directly reply to them,
> I need to go to the web interface. At least, that was the case N years ago.
>
> I like being able to perform all asynchronuous communication via e-mail,
> instead of via a dozen platforms. With e-mail, you get signing ‘for free’,
> while with $PLATFORMS, you need to rely on each $PLATFORM infrastructure
> or resort to ...
>
> (my intepretation of your words, out of context, with encryption replaced with
> signing)
>> extra tools, where you have to copy the message into the tool, let the
>> tool verify the signature. Or write a message into the tool, let the
>> tool create the signature, and copy the message+signature into the web
>> interface.
>
>> Email sucks due to:
>> * Messages are not encrypted by default which mean it need an extra tool
>> to do it and commonly used is GPG/PGP + it needs tool to implement this
>> encryption on the messages which mean mail reader/client most commonly
>> one used is thunderbird/icedove <- This method having tremendous
>> security issues check for example: [...]
>
> Not relevant for our purposes. Issues are public. Only PGP for signing is
> relevant here. Also, PGP + Evolution works just fine for me, and evolution
> doesn't download external attachements by default.
>
>> * Most of the time (not always) heavily rely on clearnet which mean
>> issues of TLS/DNS which needs to be hardened otherwise they are exist by
>> names but does nothing.
>
> I couldn't parse this. What does ‘they are exist by names but does nothing’
> mean?
>
>> ..This is out of scope to discuss this in details, I just want to see
>> the bug URL linked to the bottom of the email i receive thats it.
>
> Guix' bug tracking software is ‘GNU Bug Tracker’. You could ask it on
> that project's mailing lists. Now I see you did that already:
> <https://lists.gnu.org/archive/html/help-debbugs/2021-04/msg00000.html>.
>
> I don't have anything else to say on this topic; I'm not sending further replies.
>
> Greetings,
> Maxime.
>
M
M
Maxim Cournoyer wrote on 18 Mar 2022 03:56
(name . Maxime Devos)(address . maximedevos@telenet.be)
875yoc6kaf.fsf@gmail.com
Hi,

Maxime Devos <maximedevos@telenet.be> writes:

Toggle quote (9 lines)
> On Fri, 2021-04-09 at 20:44 +0000, bo0od wrote:
>> This work or i search for it also work, But we are talking making things
>> much easier and its possible through providing the link directly to the
>> ticket in bottom, I believe this practice followed by all major
>> ticketing systems,platforms,projects.. So i dont understand whats the
>> big deal having it here as well.
>
> Mangling e-mails can cause all kinds of trouble.

Definitely agree. This infrastructure being shared across many GNU
project, such a change should also be discussed and made at the level of
the GNU infrastructure rather than Guix.

Thanks,

Maxim
Closed
?