[Enigmail] Signature and download files for 0.94.4 do not correspond.....

Olav Seyfarth olav at seyfarth.de
Wed Jul 11 15:44:01 PDT 2007 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Bo,

> I thought that I sent this to Patrick Brunschwig because the email
> address was named for him in the public key I needed to import from
> the enigmail website. Turns out that it was to a mail list....
> Why is this not mentioned in the key data?

well, it is, kind of: "(Enigmail sig)" and the address "enigmail at mozdev.org"
is a hint that it is a "signing key" only. Such keys are good practice.
I also would not recommend to extract a developers contact address from his
(signing) key.

> I am accessing the list via Gmane newsserver because if I suscribe to
> the email I believe that I will get a lot of messages sent to me,
> which I don't want.

That's perfectly OK this way. It's just impossible to keep the list spam-free
without moderator approval per post then.

> Why is there no official newsserver for enigmail?

There is, see http://enigmail.mozdev.org/newsgroup.html

>> To work that easy, the filename of the file to be verified needs to be the
>> filename of the signature minus the ".asc/.gpg" extension. If GnuPG d doesn't
>> find a matching file , it usually asks for the name of the file to verify.
>
> I got no request just the error message.

Yes. All I wanted to explain to you is that you must have had another error
apart from the naming problem since the error message you quoted is different.

> This technical description does not mean anything to me, I just want
> the Thunderbird extension update to work or the verification signature
> files on the enigmail download page to work. Neither does...

Hmmm, the extension update should work fine. Did you mention that it did not?
And you verified *by hand*, if I did understand you correctly. By hand would
mean to me that you should read the gpg manual aswell. It explains:

   If only a sigfile is given, it may be a complete signature or a detached
   signature, in which case the signed stuff is expected in a file without the
   ".sig" or ".asc" extension.  With more than 1 argument, the first should be
   a detached signature and the remaining files are the signed stuff.

> It still warns that the public key is unsigned, though. I got it from the
> enigmail webpage, but for some reason it is still only semi-valid. How can
> I get a valid signed public key for enigmail?

You would have to sign it *yourself*. Please read some introductory manual
about how PGP and keysigning works.

>> Please try to download the signature again on Thursday.
> Does this fix the problem with Thunderbird 1.5.0.12 extension update
> too???

I cannot tell since I am not aware of Problems with updating Enigmail AddOn
through the usual way (AddOns -> Update). If it still doesn't work, please
explain what exactly you did, expected and what did not work properly.

Thanks,
Olav
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQCVAwUBRpVdLP3SdHpORjpqAQITogP/TJe8vbPa6P/OzhAY3oaP6v7t3YVZpoAC
KeSzw/vIFOTh8VP2G4hlROOWzyiIPh9mqTZx6pMDpEuMwT6bgIHrCcHdjbZzMNJ5
pKM7iGPm5DAe3V27hDQseDgX5y1ATz/Ofe/wlTP+L1IaWBp5Mriz1zVBWMXXrk9o
I1pw6YF7DRo=
=Jo1+
-----END PGP SIGNATURE-----

More information about the Enigmail mailing list