Re: [Tails-dev] Article OnionMail an anonymous mail server r…

Supprimer ce message

Répondre à ce message
Auteur: Daniel Kahn Gillmor
Date:  
À: Liste, The Tails public development discussion list
Sujet: Re: [Tails-dev] Article OnionMail an anonymous mail server running on Tor
On Mon 2015-09-14 18:21:37 -0400, Liste wrote:
> To use OnionMail in TAILS you need only this:
> https://onionmail.info/network/wizard.tar.gz
> http://louhlbgyupgktsw7.onion/network/wizard.tar.gz
>
> Don't use this:
> https://github.com/onionmail/onionmail-wizard
>
> This is the right sources updated:
> https://github.com/onionmail/TAILS-wizard


Thanks for the links. Are you part of the onionmail project?

> It can't be a Debian official package because is only a python script to
> configure automaticaly claws-mail.
> The source code is in the package.


There are plenty of debian packages that contain a script, a bit of
helper data (like profile.tar.gz and maildir.tar.gz), documentation
(like README) and dependency information. What makes you think this
can't be a debian pacakge?

Take a look at the mb2md package as an example:

https://tracker.debian.org/pkg/mb2md

> It download by wget the server list using tor network and GPG to
> verify.


You're recommending OpenPGP signature verification without indicating
which keys to rely on. that's not very useful.

> Then show a list of available server and ouse RQUS method to create a
> new user.
> Extract an empty claws-mail profile, then configure it with new new mail
> account.
> Generate a new PGP key pair, then send it to the keyserver.
>
> If you want to create an OnionMail server you need the Debian package
> onionmail etc....


I don't believe there is a package for onionmail in debian. Can you
link to the package you're talking about?

> I repeat the question two months ago:
> It makes sense to renew the script to work with graphics?
>
> The answer?
> 29 Public OnionMail hidden services, 43 other onionmail Hidden services,
> over 7000 user on 4 hidden services managed directly by the project.


I don't see how this is an answer to the question you asked above.

I think the answer to the question asked is "yes, a user-friendly
interface for configuring onionmail would be a great thing to have."



I also did a quick skim of the python code. onionmail-wizard appears to
have a remarkable amount of subprocess.Popen calls with shell=True.
This is scary business. Why invoke the shell with all its peril when
you can use popen cleanly, with pythonic argument separation and no risk
of shell metacharacters? Many of these invocations don't need
shell=True, and some of them can probably be rewritten in pure python.


Thanks for your work and advocacy for onionmail!

All the best,

          --dkg