Topic: Update : 0.4.2

=== Version 0.4.2 ===

Bugs :
- Fixed a bug with Cygwin in Windows (thanks to Kevin Hilton and Marco Bonetti for the report and help)

Functionalities:
- Improve performance in Gmail.
When you would open a big conversation with a lot of mail, your browser wouldn't respond for a while.  It's was FireGPG checking to see if there were any signatures in the body.  It was fixed by implementing a limit. FireGPG now checks for signatures no more than once a second !

- Auto-select recipients for crypt in Gmail!
- Find the new mail content in Gmail.
FireGPG can find the new content of your mail if you don't select anythings, but it's very experimental:
- With plain text, don't write lines that begin with '> ' or FireGPG will think it's the beginning of the old mail.
- With Rich formating, write your text before the 'On ... somebody wrote :'.
- Don't switch from plain text to rich formating, we detect an HTML tag in rich formating, which will not be present if you switch.

- Auto detect new versions and propose updates for FireGPG.
Every 24 hours FireGPG will check if it can be updated.  If it can, you will be asked to update. We did this for a few reasons: First, because FireGPG is a critical addon with security, we feel a rapid update process is required. Next, FireGPG will be packaged on Debian servers.  Since an FireGPG update would require a package update, we are setting it up for FireGPG to update itself.  The update system is totally anonymous.

Locales :
- it, zh-CN, zh-TW, tr and pt_BR have been updated, ko-KR has been added.
- Some orthography/grammar errors have been fixed in the French/English locales.
- Translation of some untranslated strings in en-US locale (it was in French)

Misc :
- Added AUTHORS, COPYING and README in the XPI file
- In regards to full support of OpenPGP/Mime, we're working on it.  We're about 20% of the way to completion.
Yes, we will support this!  For the moment, we can get the mime content of a message.  It's was very difficult, Gmail's HTML code is a bit messy.  We have to make a mime parser and decoder.  Then make a signature validator with OpenGPG/Mime, doing this inline is very difficult, but we can do it given some more time (we're human too, and have a life (incredible ^__________^))...

- Don't forget to report bugs to our forum (here ^^) or by email at firegpg@gmail.com !

Re: Update : 0.4.2

Hi and thanks a lot for the update!

About "Auto-select recipients for crypt in Gmail": Right now, firegpg only lists and selects the primary ID (email address) for each key. For example, this here is my key:

C:\Program Files\Windows Privacy Tools\GnuPG>gpg --list-keys
ocuments and Settings/Eric/Application Data/GnuPG\pubring.gpg
-------------------------------------------------------------
1024D/BB465582 2003-04-23 Eric Bodden <ebodde@sable.mcgill.ca>
                           Eric Bodden (Major Key) <eric@bodden.de>
                           Eric Bodden <ericbodden@gmx.de>
                           Eric Bodden <eric.bodden@rwth-aachen.de>
                           Eric Bodden <bodden@i2.informatik.rwth-aachen.de>
...

FireGPG here only lists the first ID, ebodde@sable.mcgill.ca. Would it be able to show/auto-select the other IDs too?

In addition, it would be great if there was an option to now only auto-select the keys but really auto-use them, so that the dialog is not even shown, if a key exists for all recipients.

Thanks!

Eric

Re: Update : 0.4.2

Also about this here:

"With plain text, don't write lines that begin with '> ' or FireGPG will think it's the beginning of the old mail."

Why do you have to recognize the "old mail"? Why not just encrypt everything that's in the input field. Most certainly, one would like to encrypt everything, including what was previously sent, wouldn't one?

Eric

Re: Update : 0.4.2

For the 1) ok.

For the 2) It's for sign (it's not work for the moment with the full message (html tags))

Re: Update : 0.4.2

the_glu wrote:

- Auto detect new versions and propose updates for FireGPG.
Every 24 hours FireGPG will check if it can be updated.  If it can, you will be asked to update. We did this for a few reasons: First, because FireGPG is a critical addon with security, we feel a rapid update process is required. Next, FireGPG will be packaged on Debian servers.  Since an FireGPG update would require a package update, we are setting it up for FireGPG to update itself.  The update system is totally anonymous.

I understand your desire to want to keep this up to date, but I don't see the necessity of going outside the normal Firefox update process to do so. Whenever I (re)start my firefox (which is at least once every 24 hours) I am always promptly informed of updates to extensions. This happens before FireFox loads, which is ideal. Your update process is annoying as it occurs after FireFox loads, and so caused me to lose my saved browser state (tabs and such).

I also use Debian, and will switch to the package when it's released to unstable, but I would still prefer NOT to receive your updates over the web, but rather through the VERY competent Debian update and security-update processes.

If you're not willing to remove the automatic updates, at least think about please providing a configuration option to disable the automatic update process for others such as myself.

FYI, this issue caused a stir recently on the Debian Policy mailing list in regards to Azureus's use of similar automatic updates. The consensus seemed to be that such a feature should be disabled on debian systems, which I suspect means you might have trouble getting a package into Debian that supports the automatic update feature. Here's an example post from a prominent Debian Developer on the subject: http://lists.debian.org/debian-policy/2 … 00034.html

Thanks for the great product,
Cameron

Re: Update : 0.4.2

camrdale ->

- You aren't have to restart FF I you will restart it later...
- Maybe you update as fast a possible, but not every body, there are some users who simply turn off the updates.
- With debian package, old repository versions will not be updated.

FireGPG is in developpment. There can have security issue, and we need to update as fast as possible. Wee WANT to haven't any users with a old version, so we will make all for this.

I contact you by PM.

Re: Update : 0.4.2

Thanks for the PM, but I am still unconvinced.

> - You aren't have to restart FF I you will restart it later...

Then I don't get the update until later. You're basically saying there's an important update, but not so important that I shouldn't restart Firefox? Is there a problem with the standard FireFox update scheme? It seems to work (and very quickly) for yours and every other extension I have.

> - Maybe you update as fast a possible, but not every body, there are some users who simply turn off the updates.

Right, they've turned off the updates, maybe for a good reason, and you're forcing them to be back on! Warn them on installation that updating is recommended, or add an option to disable the automatic firegpg updates and put a big fat warning next to it saying "it's not recommended" or "make sure the standard firefox updates are enabled", or something.

> - With debian package, old repository versions will not be updated.

I don't understand. You won't be updating the package in the Debian repository? I believe that will get your package quickly removed from the repository.

If you must, go ahead and do everything you can to make the default to check for upgrades, but please please PLEASE give me (and others) a simple option to disable it so I don't have to be faced with update messages all the time if I'm willing to live with the consequences.

Thanks,
Cameron

Re: Update : 0.4.2

> You're basically saying there's an important update, but not so important that I shouldn't restart Firefox?

There an difference between 1 day and 1 week.

> you're forcing them to be back on

No, there are two 'cancel' buttons big_smile.

> I don't understand. You won't be updating the package in the Debian repository? I believe that will get your package quickly removed from the repository.

No, but for sample, I the package came to ubuntu's repository, some old repository aren't updated....


For the option, we will see.

Re: Update : 0.4.2

the_glu wrote:

FireGPG is in developpment. There can have security issue, and we need to update as fast as possible. Wee WANT to haven't any users with a old version, so we will make all for this.

I understand all of your concerns but, right now, firegpg is behaving really badly about security. Even if not so, I too dislike this autoupdate feature: firefox updates really well all of his extensions and, if you're going to package it as a deb this feature will cause you lots of headaches (I talk by experience: I did install enigmail.xpi over enigmail.deb and it was a mess).
So, please, consider removing it or providing a checkbox option.

Re: Update : 0.4.2

sid77 wrote:

firegpg is behaving really badly about security

Yes, so when we fix the smalls problem like the files with password, we need to upgrade very fast ^^.

But we will implement, you're 3 against me ^^.