Add link to the ticket when someone reply

OpenSubmitted by bo0od.
Details
4 participants
  • bo0od
  • Leo Famulari
  • Maxime Devos
  • Bonface Munyoki K.
Owner
unassigned
Severity
normal
B
(address . bug-guix@gnu.org)
149fbff7-889c-acc2-09d1-e79edfd29ec0@riseup.net
Hi There,
When someone reply to my ticket and receive the message through email there is no URL included to the ticket, Which mean if i forgot what i have wrote before then i need to go and see what was the conversation by using ticket title in gnu bug which not nice.
Please add URL of the ticket always to the bottom.
ThX!
L
L
Leo Famulari wrote on 8 Apr 20:45 +0200
(name . bo0od)(address . bo0od@riseup.net)(address . 47660@debbugs.gnu.org)
YG9PUyO76BUMNypK@jasmine.lan
On Thu, Apr 08, 2021 at 05:38:59PM +0000, bo0od wrote:
Toggle quote (9 lines)> Hi There,> > When someone reply to my ticket and receive the message through email there> is no URL included to the ticket, Which mean if i forgot what i have wrote> before then i need to go and see what was the conversation by using ticket> title in gnu bug which not nice.> > Please add URL of the ticket always to the bottom.
If you find yourself forgetting, you can use the bug number.
The bug number is in the email address and the subject line, and you canuse it like this:
https://issues.guix.gnu.org/issue/47660
Does that help?
B
(name . Leo Famulari)(address . leo@famulari.name)(address . 47660@debbugs.gnu.org)
3fc025b1-aa56-aec6-5c0a-80f8562f0e8e@riseup.net
This work or i search for it also work, But we are talking making things much easier and its possible through providing the link directly to the ticket in bottom, I believe this practice followed by all major ticketing systems,platforms,projects.. So i dont understand whats the big deal having it here as well.


Leo Famulari:
Toggle quote (19 lines)> On Thu, Apr 08, 2021 at 05:38:59PM +0000, bo0od wrote:>> Hi There,>>>> When someone reply to my ticket and receive the message through email there>> is no URL included to the ticket, Which mean if i forgot what i have wrote>> before then i need to go and see what was the conversation by using ticket>> title in gnu bug which not nice.>>>> Please add URL of the ticket always to the bottom.> > If you find yourself forgetting, you can use the bug number.> > The bug number is in the email address and the subject line, and you can> use it like this:> > https://issues.guix.gnu.org/issue/47660> > Does that help?>
M
M
Maxime Devos wrote on 10 Apr 12:45 +0200
(address . 47660@debbugs.gnu.org)
ce761b2c96ada1f4beadc36ed040e62c796aa2d2.camel@telenet.be
On Fri, 2021-04-09 at 20:44 +0000, bo0od wrote:
Toggle quote (6 lines)> This work or i search for it also work, But we are talking making things > much easier and its possible through providing the link directly to the > ticket in bottom, I believe this practice followed by all major > ticketing systems,platforms,projects.. So i dont understand whats the > big deal having it here as well.
Mangling e-mails can cause all kinds of trouble.
It would mess up git patches, break messages signed with PGP or S/MIME(does anyone here actually use S/MIME?), makes some headers used forspam detection (and more generally, detecting forged mails) invalid,which will lead to messages from the mailing list and @debbugs.gnu.orgbe marked as spam ...
Greetings,Maxime.
-----BEGIN PGP SIGNATURE-----
iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYHGBxhccbWF4aW1lZGV2b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7kGTAQC7B+hZeoz568SzYnh0juAAleAE3+QMp3zZyimCqQMvbgEA3Lel7XDOuqrPHdhJDrXLBQKaW2ckfQYhGWcLcNdWnAo==rdNr-----END PGP SIGNATURE-----

B
(address . 47660@debbugs.gnu.org)
3fb53146-829a-3829-a1b3-2828f6d03e9a@riseup.net
what are you talking about? who uses PGP/GPG for a public ticket tracking system?...
gitlab,github,trac...etc all giving the ticket URL on the bottom of the message nothing with magic im suggesting here.
Maxime Devos:
Toggle quote (18 lines)> On Fri, 2021-04-09 at 20:44 +0000, bo0od wrote:>> This work or i search for it also work, But we are talking making things>> much easier and its possible through providing the link directly to the>> ticket in bottom, I believe this practice followed by all major>> ticketing systems,platforms,projects.. So i dont understand whats the>> big deal having it here as well.> > Mangling e-mails can cause all kinds of trouble.> > It would mess up git patches, break messages signed with PGP or S/MIME> (does anyone here actually use S/MIME?), makes some headers used for> spam detection (and more generally, detecting forged mails) invalid,> which will lead to messages from the mailing list and @debbugs.gnu.org> be marked as spam ...> > Greetings,> Maxime.>
M
M
Maxime Devos wrote on 10 Apr 18:44 +0200
(address . 47660@debbugs.gnu.org)
d2df07bbc70a175ec6bc5495df276eb32eb76c33.camel@telenet.be
On Sat, 2021-04-10 at 14:20 +0000, bo0od wrote:
Toggle quote (3 lines)> what are you talking about? who uses PGP/GPG for a public ticket > tracking system?...
I do, Chris Marusich does, Léo Le Bouter does, Efraim Flashner does.I probably could find some more examples in my mail archive somewhere.Why shouldn't they use PGP? Signing e-mails with PGP allows therecipient to verify the e-mails actually came from the supposed sender.
Remember, general discussion is done via e-mails on guix-devel@gnu.org,bug reports are done via e-mails on bug-guix@gnu.org and NNN@debbugs.gnu.organd patches are done via e-mails on guix-patches@gnu.org and NNN@debbugs.gnu.org.
Practical use case:* I want to test (and, if I were a committer, perhaps merge) one of the gnome patch series (bug#47643, by Raghav Gururajan and revised by Leo Prikler).* I look over the source code changes, and don't see any obvious nefariousity, but perhaps I missed something ...* I trust Leo Prikler not to introduce non-obvious nefariousity.
However, e-mail is an unreliable medium, so this patch series might be modified by an attacker on-route to my system (and the systems of other people) and the attacker might have introduced non-obious nefariousity.* I know Leo Prikler signs patch series. The attacker cannot, however, so the attacker sends the (forged) patch series unsigned.* /me asks Leo Prikler why the patch series is unsigned.* The attacker's evil plan is foiled!
Actually, IIRC, Leo Prikler does not sign patch series. It's just an example!
Also, regardless of whether PGP is used, the mangling messes up some headers(DKIM, IIRC), leading to e-mails being marked as spam. IIUC, debbugs or themailing list software used to mangle messages, but that is now disabled for(at least) that reason.
Greetings,Maxime.
-----BEGIN PGP SIGNATURE-----
iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYHHV5BccbWF4aW1lZGV2b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7icUAP0RZIMk731BNW3fkQxHxbdnADjtLGkC2AwCSRf13b5uzAD8DOhm9iSsIXsIGFd+992N/mVzfYi0DmAgYln535LP5QU==re8d-----END PGP SIGNATURE-----

B
(address . 47660@debbugs.gnu.org)
6496319d-cde6-54bb-5bd7-64e06bf1eab2@riseup.net
yeah patches provided by email is a mess, thought these stuff are done using git only since guix is rely on it so emails/tickt system just used for answering/solving issues.
also thought you were talking about encrypting the messages thats why i asked who uses that.
for the spam part i dont know about solution for it, but what i know for sure this is wrong/strange less useful behavior that i dont know any main project doing it. (which is not attaching link for the ticket,actually sometimes they even attach link to the reply itself within the email not just the ticket itself...).
Maxime Devos:
Toggle quote (38 lines)> On Sat, 2021-04-10 at 14:20 +0000, bo0od wrote:>> what are you talking about? who uses PGP/GPG for a public ticket>> tracking system?...> > I do, Chris Marusich does, Léo Le Bouter does, Efraim Flashner does.> I probably could find some more examples in my mail archive somewhere.> Why shouldn't they use PGP? Signing e-mails with PGP allows the> recipient to verify the e-mails actually came from the supposed sender.> > Remember, general discussion is done via e-mails on guix-devel@gnu.org,> bug reports are done via e-mails on bug-guix@gnu.org and NNN@debbugs.gnu.org> and patches are done via e-mails on guix-patches@gnu.org and NNN@debbugs.gnu.org.> > Practical use case:> * I want to test (and, if I were a committer, perhaps merge) one of the gnome> patch series (bug#47643, by Raghav Gururajan and revised by Leo Prikler).> * I look over the source code changes, and don't see any obvious nefariousity,> but perhaps I missed something ...> * I trust Leo Prikler not to introduce non-obvious nefariousity.> > However, e-mail is an unreliable medium, so this patch series might be modified> by an attacker on-route to my system (and the systems of other people) and the> attacker might have introduced non-obious nefariousity.> * I know Leo Prikler signs patch series. The attacker cannot, however, so the> attacker sends the (forged) patch series unsigned.> * /me asks Leo Prikler why the patch series is unsigned.> * The attacker's evil plan is foiled!> > Actually, IIRC, Leo Prikler does not sign patch series. It's just an example!> > Also, regardless of whether PGP is used, the mangling messes up some headers> (DKIM, IIRC), leading to e-mails being marked as spam. IIUC, debbugs or the> mailing list software used to mangle messages, but that is now disabled for> (at least) that reason.> > Greetings,> Maxime.>
B
B
Bonface Munyoki K. wrote on 15 Apr 16:24 +0200
(name . bo0od)(address . bo0od@riseup.net)
86im4nmxrs.fsf@bonfacemunyoki.com
bo0od <bo0od@riseup.net> writes:
Toggle quote (4 lines)> what are you talking about? who uses PGP/GPG for> a public ticket tracking system?...>
I do. I sign my e-mails as a guarantee to myrecipients that what you get is truly fromme. That plus my mail client makes that-- signingemails-- way easy to do. I also sign all mycommits, even on the major platforms. FWIW, evenon GH, and GL, you could sign your emails whenreplying to an email, thereby having therecipients on the Cc see your pgp/ gpg signature,while GL/ GH scrapes it off when displaying it'scontents. However, there are people who sign emailinline. Here's one such example:https://github.com/alezost/guix.el/issues/39
PS: If you use gnus from Emacs, you should read:https://www.gnu.org/software/emacs/manual/html_node/message/Signing-and-encryption.html#Signing-and-encryptionIn my Emacs, I have:
Toggle snippet (17 lines)(use-package mm-encode :config (setq mm-encrypt-option 'guided) (setq mm-sign-option 'guided))
(use-package mml-sec :config (setq mml-secure-openpgp-encrypt-to-self t) (setq mml-secure-openpgp-sign-with-sender t) (setq mml-secure-smime-encrypt-to-self t) (setq mml-secure-smime-sign-with-sender t))
(use-package epa-file :config (setq epa-file-cache-passphrase-for-symmetric-encryption nil))

Toggle quote (29 lines)> gitlab,github,trac...etc all giving the ticket> URL on the bottom of the message nothing with> magic im suggesting here.>> Maxime Devos:>> On Fri, 2021-04-09 at 20:44 +0000, bo0od wrote:>>> This work or i search for it also work, But we>>> are talking making things much easier and its>>> possible through providing the link directly>>> to the ticket in bottom, I believe this>>> practice followed by all major ticketing>>> systems,platforms,projects.. So i dont>>> understand whats the big deal having it here>>> as well.>> Mangling e-mails can cause all kinds of>> trouble. It would mess up git patches, break>> messages signed with PGP or S/MIME (does anyone>> here actually use S/MIME?), makes some headers>> used for spam detection (and more generally,>> detecting forged mails) invalid, which will>> lead to messages from the mailing list and>> @debbugs.gnu.org be marked as spam ...>> Greetings, Maxime.>> >>>>
-- BonfaceM. K. D4F09EB110177E03C28E2FE1F5BBAE1E0392253FHumble GNU Emacs User / Bearer of scheme-y parensCurator: https://upbookclub.com / Twitter:@BonfaceKilz
-----BEGIN PGP SIGNATURE-----
iQJKBAEBCAA0FiEE1PCesRAXfgPCji/h9buuHgOSJT8FAmB4TIsWHG1lQGJvbmZhY2VtdW55b2tpLmNvbQAKCRD1u64eA5IlP+W/D/0e87gcSzWVRKlwH7jBxBHnYaG4l6x5B10nugEo9XC+jf0ZGhfKe6qgjrzi3bGk8KPES/ErGsG0QpX6Ttlo1AELoz2adjdGtwGIU3HwHbK3fB9jp4LGoTrBpZz2YCzYOJM7lixZhf00ZWupTirCYA1yWLHgtQUKlDE7+j2ULpoQKmgIljyfVeL+U7/geonDx/sweE654oBiZIqV8b4gowjLTUXfwexuuapYMrvACLnDHYw0AvFy9470iDdO+LVyFC6E34erIy53yhK9B8dWERuJv8+znLRqvaEEjpJYixyAQy1EQzedNHejAXdPfknaVJP0+Q6iYxdz7rqoXQDui3/mc1lQYniXhpPDaqogsaywBlHpXUkfs9AZAjKODra2XZ1RYz7p3a4CK0TdJVLHt/hs1opb7yxIBo/JVT++bOEQWjdr7JYLraDIw8M3LNdg1RzQdjt9z8BB7McjWnLYxWYb+buWhPEgh+dUlEiCrLAdOjKrG90KyI4s1Oe+OjZM5TUqqp0pmKpOJqv0L17KgmuNTrFg6NRBxD113rq0ULHQaWQOd2Dwoz434aVvK/jgqnE9hloIK5EjdRhPjH3Z6jeRByhMuBhRgFcGNIPG6BLi1yWMlVc8oh39EgtxyobFtHJvicCsx7yFsx8P4aNVQiOCYwkFxHjg4KMdBtRqTQ9FfQ===nyvZ-----END PGP SIGNATURE-----
B
(name . Bonface Munyoki K.)(address . me@bonfacemunyoki.com)
be8288f6-f500-3090-4612-975568d47882@riseup.net
To be honest i find this bad thing to use emails to do anything rather than online registration and not necessary stuff (means being encrypted,manipulated.. just not something important)
Email sucks due to:* Messages are not encrypted by default which mean it need an extra tool to do it and commonly used is GPG/PGP + it needs tool to implement this encryption on the messages which mean mail reader/client most commonly one used is thunderbird/icedove <- This method having tremendous security issues check for example:
- https://efail.de/- https://www.whonix.org/wiki/OpenPGP#Issues_with_PGP
* Most of the time (not always) heavily rely on clearnet which mean issues of TLS/DNS which needs to be hardened otherwise they are exist by names but does nothing.

..This is out of scope to discuss this in details, I just want to see the bug URL linked to the bottom of the email i receive thats it.
Bonface Munyoki K.:
Toggle quote (70 lines)> bo0od <bo0od@riseup.net> writes:> >> what are you talking about? who uses PGP/GPG for>> a public ticket tracking system?...>>> > I do. I sign my e-mails as a guarantee to my> recipients that what you get is truly from> me. That plus my mail client makes that-- signing> emails-- way easy to do. I also sign all my> commits, even on the major platforms. FWIW, even> on GH, and GL, you could sign your emails when> replying to an email, thereby having the> recipients on the Cc see your pgp/ gpg signature,> while GL/ GH scrapes it off when displaying it's> contents. However, there are people who sign email> inline. Here's one such example:> https://github.com/alezost/guix.el/issues/39> > PS: If you use gnus from Emacs, you should read:> https://www.gnu.org/software/emacs/manual/html_node/message/Signing-and-encryption.html#Signing-and-encryption> In my Emacs, I have:> > --8<---------------cut here---------------start------------->8---> (use-package mm-encode> :config (setq mm-encrypt-option 'guided) (setq> mm-sign-option 'guided))> > (use-package mml-sec> :config (setq mml-secure-openpgp-encrypt-to-self> t) (setq mml-secure-openpgp-sign-with-sender t)> (setq mml-secure-smime-encrypt-to-self t) (setq> mml-secure-smime-sign-with-sender t))> > (use-package epa-file> :config (setq> epa-file-cache-passphrase-for-symmetric-encryption> nil))> --8<---------------cut here---------------end--------------->8---> > >> gitlab,github,trac...etc all giving the ticket>> URL on the bottom of the message nothing with>> magic im suggesting here.>>>> Maxime Devos:>>> On Fri, 2021-04-09 at 20:44 +0000, bo0od wrote:>>>> This work or i search for it also work, But we>>>> are talking making things much easier and its>>>> possible through providing the link directly>>>> to the ticket in bottom, I believe this>>>> practice followed by all major ticketing>>>> systems,platforms,projects.. So i dont>>>> understand whats the big deal having it here>>>> as well.>>> Mangling e-mails can cause all kinds of>>> trouble. It would mess up git patches, break>>> messages signed with PGP or S/MIME (does anyone>>> here actually use S/MIME?), makes some headers>>> used for spam detection (and more generally,>>> detecting forged mails) invalid, which will>>> lead to messages from the mailing list and>>> @debbugs.gnu.org be marked as spam ...>>> Greetings, Maxime.>>>>>>>>>>>>
M
M
Maxime Devos wrote on 15 Apr 19:51 +0200
41d350bee8ce1fa0d628bd9e833d6c6ced8765b8.camel@telenet.be
On Thu, 2021-04-15 at 17:00 +0000, bo0od wrote:
Toggle quote (4 lines)> To be honest i find this bad thing to use emails to do anything rather > than online registration and not necessary stuff (means being > encrypted,manipulated.. just not something important)
To be honest, I find it a bad thing that many projects (I'm looking atGitHub here (*)) only have a web interface, that require registration(and often have terms of service I would consider criminal). Then thereare multiple web sites requiring registration that I need to keep trackof.
(*) Ok, GitHub has e-mail notifications. But I can't directly reply to them, I need to go to the web interface. At least, that was the case N years ago.
I like being able to perform all asynchronuous communication via e-mail,instead of via a dozen platforms. With e-mail, you get signing ‘for free’,while with $PLATFORMS, you need to rely on each $PLATFORM infrastructureor resort to ...
(my intepretation of your words, out of context, with encryption replaced with signing)
Toggle quote (12 lines)> extra tools, where you have to copy the message into the tool, let the> tool verify the signature. Or write a message into the tool, let the> tool create the signature, and copy the message+signature into the web> interface.
> Email sucks due to:> * Messages are not encrypted by default which mean it need an extra tool > to do it and commonly used is GPG/PGP + it needs tool to implement this > encryption on the messages which mean mail reader/client most commonly > one used is thunderbird/icedove <- This method having tremendous > security issues check for example: [...]
Not relevant for our purposes. Issues are public. Only PGP for signing isrelevant here. Also, PGP + Evolution works just fine for me, and evolutiondoesn't download external attachements by default.
Toggle quote (4 lines)> * Most of the time (not always) heavily rely on clearnet which mean > issues of TLS/DNS which needs to be hardened otherwise they are exist by > names but does nothing.
I couldn't parse this. What does ‘they are exist by names but does nothing’mean?
Toggle quote (3 lines)> ..This is out of scope to discuss this in details, I just want to see > the bug URL linked to the bottom of the email i receive thats it.
Guix' bug tracking software is ‘GNU Bug Tracker’. You could ask it onthat project's mailing lists. Now I see you did that already:https://lists.gnu.org/archive/html/help-debbugs/2021-04/msg00000.html.
I don't have anything else to say on this topic; I'm not sending further replies.
Greetings,Maxime.
-----BEGIN PGP SIGNATURE-----
iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYHh9HxccbWF4aW1lZGV2b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7qnkAP4hh1zs5Xk4keXwOCas83ai+5g62cNdNNK1p2dNKA3P8wD+IVn2EsogBmvAJ4oEAgzoibsrxklu4Bd0qRNQN6uSsgk==y73D-----END PGP SIGNATURE-----

B
cd2209bf-be85-20e1-ec65-1f9da50b7ae9@riseup.net
Not gonna go with details about email thing (not what the ticket is about), But just clarify what you asked:
> I couldn't parse this. What does ‘they are exist by names but does nothing’ > mean?
having TLS connection is not oh wow im secured now. TLS has versions and many other stuff like ciphers , HSTS ...etc if not all of them lined securely mean secure TLS version, secure ciphers,...etc you gonna have TLS/https just by name, but it makes no different from having it or not.
Check for e.g: DEF CON 17 - Moxie Marlinspike - More Tricks for Defeating SSL
https://yewtu.be/watch?v=5dhSN9aEljg
So as for DNS (DNSSEC..etc).
Hope this clarify the sentence.
> Guix' bug tracking software is ‘GNU Bug Tracker’. You could ask it on
yeah sadly just no respond (wasn't surprised)
Maxime Devos:
Toggle quote (56 lines)> On Thu, 2021-04-15 at 17:00 +0000, bo0od wrote:>> To be honest i find this bad thing to use emails to do anything rather>> than online registration and not necessary stuff (means being>> encrypted,manipulated.. just not something important)> > To be honest, I find it a bad thing that many projects (I'm looking at> GitHub here (*)) only have a web interface, that require registration> (and often have terms of service I would consider criminal). Then there> are multiple web sites requiring registration that I need to keep track> of.> > (*) Ok, GitHub has e-mail notifications. But I can't directly reply to them,> I need to go to the web interface. At least, that was the case N years ago.> > I like being able to perform all asynchronuous communication via e-mail,> instead of via a dozen platforms. With e-mail, you get signing ‘for free’,> while with $PLATFORMS, you need to rely on each $PLATFORM infrastructure> or resort to ...> > (my intepretation of your words, out of context, with encryption replaced with> signing)>> extra tools, where you have to copy the message into the tool, let the>> tool verify the signature. Or write a message into the tool, let the>> tool create the signature, and copy the message+signature into the web>> interface.> >> Email sucks due to:>> * Messages are not encrypted by default which mean it need an extra tool>> to do it and commonly used is GPG/PGP + it needs tool to implement this>> encryption on the messages which mean mail reader/client most commonly>> one used is thunderbird/icedove <- This method having tremendous>> security issues check for example: [...]> > Not relevant for our purposes. Issues are public. Only PGP for signing is> relevant here. Also, PGP + Evolution works just fine for me, and evolution> doesn't download external attachements by default.> >> * Most of the time (not always) heavily rely on clearnet which mean>> issues of TLS/DNS which needs to be hardened otherwise they are exist by>> names but does nothing.> > I couldn't parse this. What does ‘they are exist by names but does nothing’> mean?> >> ..This is out of scope to discuss this in details, I just want to see>> the bug URL linked to the bottom of the email i receive thats it.> > Guix' bug tracking software is ‘GNU Bug Tracker’. You could ask it on> that project's mailing lists. Now I see you did that already:> <https://lists.gnu.org/archive/html/help-debbugs/2021-04/msg00000.html>.> > I don't have anything else to say on this topic; I'm not sending further replies.> > Greetings,> Maxime.>
?