--- /dev/null
+Return-Path: <jrollins@finestructure.net>\r
+X-Original-To: notmuch@notmuchmail.org\r
+Delivered-To: notmuch@notmuchmail.org\r
+Received: from localhost (localhost [127.0.0.1])\r
+ by olra.theworths.org (Postfix) with ESMTP id 4C51A431FC3\r
+ for <notmuch@notmuchmail.org>; Mon, 29 Jul 2013 08:33:34 -0700 (PDT)\r
+X-Virus-Scanned: Debian amavisd-new at olra.theworths.org\r
+X-Spam-Flag: NO\r
+X-Spam-Score: -2.3\r
+X-Spam-Level: \r
+X-Spam-Status: No, score=-2.3 tagged_above=-999 required=5\r
+ tests=[RCVD_IN_DNSWL_MED=-2.3] autolearn=disabled\r
+Received: from olra.theworths.org ([127.0.0.1])\r
+ by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)\r
+ with ESMTP id Yt9UDycsvy9F for <notmuch@notmuchmail.org>;\r
+ Mon, 29 Jul 2013 08:33:26 -0700 (PDT)\r
+Received: from outgoing-mail.its.caltech.edu (outgoing-mail.its.caltech.edu\r
+ [131.215.239.19])\r
+ by olra.theworths.org (Postfix) with ESMTP id 220BE431FBF\r
+ for <notmuch@notmuchmail.org>; Mon, 29 Jul 2013 08:33:26 -0700 (PDT)\r
+Received: from earth-doxen.imss.caltech.edu (localhost [127.0.0.1])\r
+ by earth-doxen-postvirus (Postfix) with ESMTP id A4AB066E01C7;\r
+ Mon, 29 Jul 2013 08:33:23 -0700 (PDT)\r
+X-Spam-Scanned: at Caltech-IMSS on earth-doxen by amavisd-new\r
+Received: from finestructure.net (cpe-76-173-75-27.socal.res.rr.com\r
+ [76.173.75.27]) (Authenticated sender: jrollins)\r
+ by earth-doxen-submit (Postfix) with ESMTP id 9153266E01A1;\r
+ Mon, 29 Jul 2013 08:33:18 -0700 (PDT)\r
+Received: by finestructure.net (Postfix, from userid 1000)\r
+ id 212F762289; Mon, 29 Jul 2013 08:33:17 -0700 (PDT)\r
+From: Jameson Graef Rollins <jrollins@finestructure.net>\r
+To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>,\r
+ Notmuch Mail <notmuch@notmuchmail.org>\r
+Subject: Re: problems viewing attachments in emacs ui\r
+In-Reply-To: <51F68366.5070900@fifthhorseman.net>\r
+References: <87hafe4ox6.fsf@servo.finestructure.net>\r
+ <87ehai4ns3.fsf@servo.finestructure.net>\r
+ <87ob9lipz5.fsf@zancas.localnet>\r
+ <51F68366.5070900@fifthhorseman.net>\r
+User-Agent: Notmuch/0.15.2+223~g3484372 (http://notmuchmail.org) Emacs/24.3.1\r
+ (x86_64-pc-linux-gnu)\r
+Date: Mon, 29 Jul 2013 08:33:13 -0700\r
+Message-ID: <8738qx4c06.fsf@servo.finestructure.net>\r
+MIME-Version: 1.0\r
+Content-Type: multipart/signed; boundary="=-=-=";\r
+ micalg=pgp-sha256; protocol="application/pgp-signature"\r
+X-BeenThere: notmuch@notmuchmail.org\r
+X-Mailman-Version: 2.1.13\r
+Precedence: list\r
+List-Id: "Use and development of the notmuch mail system."\r
+ <notmuch.notmuchmail.org>\r
+List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,\r
+ <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>\r
+List-Archive: <http://notmuchmail.org/pipermail/notmuch>\r
+List-Post: <mailto:notmuch@notmuchmail.org>\r
+List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>\r
+List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,\r
+ <mailto:notmuch-request@notmuchmail.org?subject=subscribe>\r
+X-List-Received-Date: Mon, 29 Jul 2013 15:33:34 -0000\r
+\r
+--=-=-=\r
+Content-Type: text/plain\r
+\r
+On Mon, Jul 29 2013, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:\r
+> hm. there are some pretty serious consequences to feeding arbitrary\r
+> html to your web browser via a file:/// URL. In particular, your\r
+> browser might execute arbitrary javascript (which itself can interact\r
+> with the rest of your web browsing history and/or logged-in sessions),\r
+> and might fetch data from outside sources (leaking at least information\r
+> about when and from where you read your e-mail, and potentially other\r
+> things).\r
+\r
+How is this any different than feeding arbitrary html to your browser\r
+via an http:// URL? In both cases it might execute arbitrary javascript\r
+and interact with the rest of your browsing history. Obviously it's not\r
+any different. I would certainly prefer to interact only with\r
+authenticated content, but that's not a reasonable requirement at the\r
+moment. Until the entire web is https and all emails are signed I will\r
+continue to need to view, with discretion, some unauthenticated html\r
+content.\r
+\r
+I should also point out that the notmuch emacs client processes html\r
+parts directly in the emacs session, which of course faces the same\r
+issues.\r
+\r
+> One other approach that would address some of these other issues might\r
+> be to open the html in a separate, temporary profile for your web\r
+> browser, one that doesn't directly interact with your main web browsing\r
+> profile (or any other browser profile). This would also have the\r
+> advantage of not terminating until the browser profile is closed.\r
+>\r
+> I know that chromium offers as --temp-profile argument that behaves this\r
+> way. I'm not sure how to do it with iceweasel -- you could do it\r
+> manually, with a combination of -ProfileManager and -no-remote, then\r
+> create a new profile, and then when done clean it up afterwards\r
+> manually, but that sounds like a real pain.\r
+\r
+This is a somewhat useful solution, but it faces the same problems of\r
+using multiple sessions when browsing the web.\r
+\r
+But none of this is really addressing the underlying issue, which is\r
+that temporary files provided to external viewers are being deleted\r
+prematurely when the viewer opens them in the background. A more\r
+general solution is still desired.\r
+\r
+jamie.\r
+\r
+--=-=-=\r
+Content-Type: application/pgp-signature\r
+\r
+-----BEGIN PGP SIGNATURE-----\r
+Version: GnuPG v1.4.12 (GNU/Linux)\r
+\r
+iQIcBAEBCAAGBQJR9os5AAoJEO00zqvie6q80TMP/RVteKm2ah6pguYMp5UjLdUB\r
+dhrFxozYu+vZxkSLA9f2ESgs8E2j/Sqgw4u/KqX/Sy85fo4cHGuc6l6IxGRY79K1\r
++8MbYlzRlNrg6pftGSfs3juPsl+h48idqWFLBOeY2HpjdKFmjBgftkEXGjWtHco8\r
+gK1CwLS1c5TC5cU/D1kM2lXKRjI++Nexm4DSq/8RJFnRjZDaKWM4UT6qVnhBqsyv\r
+A9d2SqQy32SylnC5GoQLx4UQEzDoJHb59lNnP+bi2bvypxoOK/B0OPG2l/IHjJz1\r
+o0wbQbcrboAZZehlnnG6+r1weAq7yoPV1XIAHnDKeaC8OVpvah6VPhjGPT3CDnbf\r
+8qlU5Nf+ByccPknY8Zex8ZM3Jm4K6DgW814Ss5CgINzv189pw/GkKEG3BoCaMMuZ\r
+aaslourrzaIESlFVMLw1sSvfll6yFJpGZbqHRJn6As3PrduZ2CsMxSrgCafZcKIC\r
+GOVuWDrFByvXQop6e9uBREkJSg8fv9A5bWVzXev7zVpNY2k12C6AG3lhhU+KAvLj\r
+gOWCrx43iK+4j5tkdB3ubdgcj0eBcTjAjsov5TShR5lRtloJPIAFMko5qqRxTOMI\r
+XP93remEVuB9NK9+0K7Muhq9in20c1dK9+q+sED91tFGcH51+5ufdgTWTho87snK\r
+96fwRNnSquQkj6HliGf5\r
+=71as\r
+-----END PGP SIGNATURE-----\r
+--=-=-=--\r
projects / notmuch-archives.git / commitdiff