Launchpad now accepts mail commands from gmail

If you use gmail, you should now be able to send commands to Launchpad without gpg-signing.

gmail puts a DKIM cryptographic signature on outgoing mail, which is a cryptographic signature that proves that the mail was sent by gmail and that it was sent by the purported user. We verify the signature on Launchpad and treat that mail as trusted which means, for example, that you can triage bugs over mail or vote on merge proposals. Previously you needed to GPG-sign the mail which is a bit of a hassle for gmail.

(DKIM is signed by the sending domain, not by the user, so it doesn’t inherently prove that the purported sender is the actual one. People could intentionally or unintentionally set up a server that allows intra-domain impersonation, and it’s reported to be easy to misconfigure DKIM signers so that this happens. (Consider a simple SMTP server that accepts, signs and forwards everything from 192.168/16 with no authentication.) However, in cases like gmail we can reasonably assume Google don’t allow one user to impersonate another. We can add other trusted domains on request.)

If you have gmail configured to use some other address as your From address it will still work, as long as you verify both your gmail address and your other address.

You can use email commands to interact with both bugs and code merge proposals. For instance when Launchpad sends you mail about a new bug, you can just reply

  status confirmed
  importance medium

Thanks for letting us know!

We do this using the pydkim library.

Note that you do need at least one leading space before the commands.

If you hit any bugs, let us know.

Tags: , , , , , , ,

16 Responses to “Launchpad now accepts mail commands from gmail”

  1. Craig Says:

    Do you (or will you) be treating DKIM signed mail from other domains the same way?

    If not, it seems strange that you’re treating gmail so special – isn’t the whole point of email that users can use any mail system, and interact with users/services on any other mail system? It seems very backwards and just plain wrong to treat the users of one service better than those of another.

  2. andrewsomething Says:

    Thanks guys, I’ve been waiting for this without even knowing it!

  3. Soren Says:

    That is *excellent* news. Thanks!

  4. Manish Sinha (@m4n1sh) Says:

    I did not know such a thing even exists. It sounds like a great feature.

    Thank you Launchpad team. The previous feature of fine grained subscription was a boon

  5. Martin Pool Says:

    Hi Craig,

    Yes, one reason I was able to implement this is that Gmail are using an open documented standard, DKIM, which anyone else can use too.

    I’m told that there are many domains in the world that attach untrustworthy DKIM signatures or that are misconfigured to sign mail that doesn’t come from the apparent sender. So, much as I would like to, it seems we can’t just turn this on across the board.

    For the moment, as I said, we will add other domains by request.

    Perhaps we can also add a per-address “trust DKIM for this address” flag.

    For the sake of calibrating demand for that feature, do you actually DKIM-sign your mail, and if so from what domain?

  6. Roy H Huddleston Says:

    I think it is a great idea since I really like Gmail and Ubuntu like operating systems.

  7. Eliah Kagan Says:

    Craig said: “It seems very backwards and just plain wrong to treat the users of one service better than those of another.”

    So Launchpad should artificially treat all users badly?

    Gmail conforms to the open standard being used. Other email services that conform will be added if their users request them. So long as that promise is kept, there is no ethical problem.

    Your objection reminds me of the Vonnegut story *Harrison Bergeron*.

  8. Jesse Weinstein Says:

    The problem with this is (as I understand it) is this. Normally gpg-signing of email uses a password that is only stored locally, not transmitted over the ‘net. The password is then used to decrypt the user’s private key and that is used to sign the message. With this change, Launchpad is dropping the need for each user to have their own public key pair, and instead assuming that anyone who can authenticate to Gmail (i.e. anyone with the password to the gmail account in question) is the same real person as the owner of the Launchpad account. This is a big difference in security level and attack surface! It may not be significant in this context, but it shouldn’t be glossed over.

  9. Martin Pool Says:

    @Jesse, you’re right there’s a change. Like most services, Launchpad (and its associated identity services) hangs a lot of trust off access to your email account: if I can read your email I can reset your password and do lots of things with your account, and probably convince a lot of people that I am you. So it’s not a drastic change.

  10. Murray Kucherawy Says:

    “I’m told that there are many domains in the world that attach untrustworthy DKIM signatures or that are misconfigured to sign mail that doesn’t come from the apparent sender. So, much as I would like to, it seems we can’t just turn this on across the board.”

    A domain applying a signature that isn’t the same as the author (From:) domain isn’t a misconfiguration. A mailing list, for example, is perfectly within its rights — in fact, it’s encouraged by RFC6377 — to sign mail transiting it, which means the DKIM domain and the From: domain will often not match.

    A DKIM signature only proves that the mail you’re looking at was handled by the domain that signed it. DKIM makes no connection between the signer and the author. You can do that yourself if you want to, but it’s not required by DKIM.

    See RFC6376 (DKIM Draft Standard) for details.

  11. Martin Pool Says:

    Hi Murray,

    My assertion about misconfiguration was a bit inexact. I do realize that DKIM encourages domains to sign mail they did not originate and that lists are one particular important case where this will happen.

    Basically we are overloading DKIM to say that, for particular domains, if it is signed by that domain, and it is also From or Sender-from that domain, it is really from the purported user. Lists, forwarding mail for other people, are not very relevant to this.

    The case I was concerned about is where smtp.example.com accepts mail from anyone on its internal network and forwards and signs it without any further authentication. They’re not breaching the DKIM spec, but they are allowing intra-domain impersonation, which I think is a bit undesirable. Whether that counts as ‘misconfiguration’ I suppose is subjective.

  12. Carlos Vásquez Says:

    Hi Martin. We use GoogleApps for our mail. We set-up DKIM on our domain so Google can sign our outgoing mail. I tried to send a bug report from my account but I got the signature error.

    I also configured my personal Gmail address on my Google apps account so I can send email from my personal address from the same interface. I also tried with my gmail address with no success.

    I think that GoogleApps with DKIM signature active should be treated as gmail accounts, I am willing to help you figure out how to do this.

  13. Martin Pool Says:

    Hi Carlos, yes, “Apps for Domains” is not supported yet – at the time I implemented this, they did not sign it at all. https://bugs.launchpad.net/launchpad/+bug/917041

  14. Eglefino Says:

    It’s so strange that ‘Launchpad’ have no serious person which I can have contact about my e-mailaddress.
    At the last large virus-crashes by Google, Launchpad, SourceForch e.s.o in 2010 a high member of Launchpad had emailed me, with the ask to delete/block my Google emailaddress by Lauchpad, because I was sending viruses to Launchpad from my computer…. (????) That’s strange because I have no emailprogram on my computer, I have only netmail from Google.
    So….. the high member ????? mr.X had not deleted my e-mailaddress, it’s there… but I cannot use it. It is also strange that if I want to connect my Ymail-address with my Gmail-address, that Yahoo a message gives that my Gmail is blocked.
    I never gave a block to noboddy and it’s even not in my set-up, so how far goes an blocked e-mailaddress of Lauchpad???

    Today I login with this new e-mailaddress and read this item…. Lauchpad accept also Gmail because of his encryption…. is that not a little late?? I’ m not the only person which have my problems…. a blocked e-mailaddress with different or several reasons. To connect with Lauchpad-help it’s terrible, I can write a help-form or a contact-form…. never came any answer.
    That’s a nice ‘welcome’ to new members, who try to work with Ubuntu or something like that.
    It’ s crazy that a company as Launchpad give such a bad service to new members!!!
    And it’s no excuse that the encryption of Gmail was the ‘stumbling block’ because every member needs respect!

    ~ I’ m open, honest and sincere to myself and to others….! ~

  15. Martin Pool Says:

    Hi Eglefino,

    Normally Launchpad people do answer all support requests. Where did you post yours?

    If both Yahoo and Launchpad are blocking your Gmail account, then it may have been taken over by a malicious person. Check out the suggestions in https://support.google.com/mail/bin/answer.py?hl=en&answer=50270&topic=1669055&ctx=topic

  16. Ways to be an awesome community member: help out with user questions! | Where Eagles Dare Says:

    […] the language(s) you’ve chosen. You don’t even need to visit Launchpad’s website to answer—if you have Gmail, you can answer right away by just replying to the […]

Leave a Reply