--- /dev/null
+Return-Path: <dkg@fifthhorseman.net>\r
+X-Original-To: notmuch@notmuchmail.org\r
+Delivered-To: notmuch@notmuchmail.org\r
+Received: from localhost (localhost [127.0.0.1])\r
+ by arlo.cworth.org (Postfix) with ESMTP id 6D20F6DE026C\r
+ for <notmuch@notmuchmail.org>; Mon, 8 Aug 2016 16:53:25 -0700 (PDT)\r
+X-Virus-Scanned: Debian amavisd-new at cworth.org\r
+X-Spam-Flag: NO\r
+X-Spam-Score: -0.053\r
+X-Spam-Level: \r
+X-Spam-Status: No, score=-0.053 tagged_above=-999 required=5\r
+ tests=[AWL=-0.053] autolearn=disabled\r
+Received: from arlo.cworth.org ([127.0.0.1])\r
+ by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024)\r
+ with ESMTP id hC-1n4sNOto7 for <notmuch@notmuchmail.org>;\r
+ Mon, 8 Aug 2016 16:53:17 -0700 (PDT)\r
+Received: from che.mayfirst.org (che.mayfirst.org [162.247.75.118])\r
+ by arlo.cworth.org (Postfix) with ESMTP id 0AE696DE0188\r
+ for <notmuch@notmuchmail.org>; Mon, 8 Aug 2016 16:53:17 -0700 (PDT)\r
+Received: from fifthhorseman.net (unknown [38.109.115.130])\r
+ by che.mayfirst.org (Postfix) with ESMTPSA id 0D7A4F98B\r
+ for <notmuch@notmuchmail.org>; Mon, 8 Aug 2016 19:53:15 -0400 (EDT)\r
+Received: by fifthhorseman.net (Postfix, from userid 1000)\r
+ id 2712D201E2; Mon, 8 Aug 2016 19:35:17 -0400 (EDT)\r
+From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>\r
+To: Notmuch Mail <notmuch@notmuchmail.org>\r
+Subject: [PATCH v2] Omit User-Agent: header by default\r
+Date: Mon, 8 Aug 2016 19:35:17 -0400\r
+Message-Id: <1470699317-30598-1-git-send-email-dkg@fifthhorseman.net>\r
+X-Mailer: git-send-email 2.8.1\r
+In-Reply-To: <874m6uvpe0.fsf@maritornes.cs.unb.ca>\r
+References: <874m6uvpe0.fsf@maritornes.cs.unb.ca>\r
+X-BeenThere: notmuch@notmuchmail.org\r
+X-Mailman-Version: 2.1.20\r
+Precedence: list\r
+List-Id: "Use and development of the notmuch mail system."\r
+ <notmuch.notmuchmail.org>\r
+List-Unsubscribe: <https://notmuchmail.org/mailman/options/notmuch>,\r
+ <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>\r
+List-Archive: <http://notmuchmail.org/pipermail/notmuch/>\r
+List-Post: <mailto:notmuch@notmuchmail.org>\r
+List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>\r
+List-Subscribe: <https://notmuchmail.org/mailman/listinfo/notmuch>,\r
+ <mailto:notmuch-request@notmuchmail.org?subject=subscribe>\r
+X-List-Received-Date: Mon, 08 Aug 2016 23:53:25 -0000\r
+\r
+The User-Agent: header can be fun and interesting, but it also leaks\r
+quite a bit of information about the user and their software stack.\r
+\r
+This represents a potential security risk (attackers can target the\r
+particular stack) and also an anonymity risk (a user trying to\r
+preserve their anonymity by sending mail from a non-associated account\r
+might reveal quite a lot of information if their choice of mail user\r
+agent is exposed).\r
+\r
+This change also avoids hiding the User-Agent header by default, so\r
+that people who decide they want to send it will at least see it (and\r
+can edit it if they want to) before sending.\r
+\r
+It makes sense to have safer defaults.\r
+---\r
+ emacs/notmuch-mua.el | 4 ++--\r
+ test/T310-emacs.sh | 16 ----------------\r
+ 2 files changed, 2 insertions(+), 18 deletions(-)\r
+\r
+diff --git a/emacs/notmuch-mua.el b/emacs/notmuch-mua.el\r
+index 1ca8056..f3a4e5a 100644\r
+--- a/emacs/notmuch-mua.el\r
++++ b/emacs/notmuch-mua.el\r
+@@ -62,7 +62,7 @@ disabled: this would result in an incorrect behavior."))\r
+ (const :tag "Compose mail in a new window" new-window)\r
+ (const :tag "Compose mail in a new frame" new-frame)))\r
+ \r
+-(defcustom notmuch-mua-user-agent-function 'notmuch-mua-user-agent-full\r
++(defcustom notmuch-mua-user-agent-function nil\r
+ "Function used to generate a `User-Agent:' string. If this is\r
+ `nil' then no `User-Agent:' will be generated."\r
+ :type '(choice (const :tag "No user agent string" nil)\r
+@@ -73,7 +73,7 @@ disabled: this would result in an incorrect behavior."))\r
+ :value notmuch-mua-user-agent-full))\r
+ :group 'notmuch-send)\r
+ \r
+-(defcustom notmuch-mua-hidden-headers '("^User-Agent:")\r
++(defcustom notmuch-mua-hidden-headers nil\r
+ "Headers that are added to the `message-mode' hidden headers\r
+ list."\r
+ :type '(repeat string)\r
+diff --git a/test/T310-emacs.sh b/test/T310-emacs.sh\r
+index 65c1728..202fc3b 100755\r
+--- a/test/T310-emacs.sh\r
++++ b/test/T310-emacs.sh\r
+@@ -193,7 +193,6 @@ emacs_deliver_message \\r
+ (kill-whole-line)\r
+ (insert "To: user@example.com\n")'\r
+ sed \\r
+- -e s',^User-Agent: Notmuch/.* Emacs/.*,User-Agent: Notmuch/XXX Emacs/XXX,' \\r
+ -e s',^Message-ID: <.*>$,Message-ID: <XXX>,' \\r
+ -e s',^\(Content-Type: text/plain\); charset=us-ascii$,\1,' < sent_message >OUTPUT\r
+ cat <<EOF >EXPECTED\r
+@@ -201,7 +200,6 @@ From: Notmuch Test Suite <test_suite@notmuchmail.org>\r
+ To: user@example.com\r
+ Subject: Testing message sent via SMTP\r
+ Date: 01 Jan 2000 12:00:00 -0000\r
+-User-Agent: Notmuch/XXX Emacs/XXX\r
+ Message-ID: <XXX>\r
+ MIME-Version: 1.0\r
+ Content-Type: text/plain\r
+@@ -310,7 +308,6 @@ test_emacs '(let ((message-hidden-headers ''()))\r
+ (test-output))'\r
+ sed -i -e 's/^In-Reply-To: <.*>$/In-Reply-To: <XXX>/' OUTPUT\r
+ sed -i -e 's/^References: <.*>$/References: <XXX>/' OUTPUT\r
+-sed -i -e 's,^User-Agent: Notmuch/.* Emacs/.*,User-Agent: Notmuch/XXX Emacs/XXX,' OUTPUT\r
+ cat <<EOF >EXPECTED\r
+ From: Notmuch Test Suite <test_suite@notmuchmail.org>\r
+ To: user@example.com\r
+@@ -318,7 +315,6 @@ Subject: Re: Testing message sent via SMTP\r
+ In-Reply-To: <XXX>\r
+ Fcc: ${MAIL_DIR}/sent\r
+ References: <XXX>\r
+-User-Agent: Notmuch/XXX Emacs/XXX\r
+ --text follows this line--\r
+ Notmuch Test Suite <test_suite@notmuchmail.org> writes:\r
+ \r
+@@ -335,7 +331,6 @@ test_emacs "(let ((message-hidden-headers '()))\r
+ (notmuch-test-wait)\r
+ (notmuch-search-reply-to-thread)\r
+ (test-output))"\r
+-sed -i -e 's,^User-Agent: Notmuch/.* Emacs/.*,User-Agent: Notmuch/XXX Emacs/XXX,' OUTPUT\r
+ cat <<EOF >EXPECTED\r
+ From: Notmuch Test Suite <test_suite_other@notmuchmail.org>\r
+ To: Sender <sender@example.com>\r
+@@ -343,7 +338,6 @@ Subject: Re: ${test_subtest_name}\r
+ In-Reply-To: <${gen_msg_id}>\r
+ Fcc: ${MAIL_DIR}/sent\r
+ References: <${gen_msg_id}>\r
+-User-Agent: Notmuch/XXX Emacs/XXX\r
+ --text follows this line--\r
+ Sender <sender@example.com> writes:\r
+ \r
+@@ -361,7 +355,6 @@ test_emacs "(let ((message-hidden-headers '()))\r
+ (notmuch-test-wait)\r
+ (notmuch-search-reply-to-thread)\r
+ (test-output))"\r
+-sed -i -e 's,^User-Agent: Notmuch/.* Emacs/.*,User-Agent: Notmuch/XXX Emacs/XXX,' OUTPUT\r
+ cat <<EOF >EXPECTED\r
+ From: Notmuch Test Suite <test_suite@notmuchmail.org>\r
+ To: Sender <sender@example.com>, someone@example.com\r
+@@ -369,7 +362,6 @@ Subject: Re: ${test_subtest_name}\r
+ In-Reply-To: <${gen_msg_id}>\r
+ Fcc: ${MAIL_DIR}/sent\r
+ References: <${gen_msg_id}>\r
+-User-Agent: Notmuch/XXX Emacs/XXX\r
+ --text follows this line--\r
+ Sender <sender@example.com> writes:\r
+ \r
+@@ -382,7 +374,6 @@ test_emacs '(let ((message-hidden-headers ''()))\r
+ (notmuch-show "id:20091118002059.067214ed@hikari")\r
+ (notmuch-show-reply)\r
+ (test-output))'\r
+-sed -i -e 's,^User-Agent: Notmuch/.* Emacs/.*,User-Agent: Notmuch/XXX Emacs/XXX,' OUTPUT\r
+ cat <<EOF >EXPECTED\r
+ From: Notmuch Test Suite <test_suite@notmuchmail.org>\r
+ To: Adrian Perez de Castro <aperez@igalia.com>, notmuch@notmuchmail.org\r
+@@ -390,7 +381,6 @@ Subject: Re: [notmuch] Introducing myself\r
+ In-Reply-To: <20091118002059.067214ed@hikari>\r
+ Fcc: ${MAIL_DIR}/sent\r
+ References: <20091118002059.067214ed@hikari>\r
+-User-Agent: Notmuch/XXX Emacs/XXX\r
+ --text follows this line--\r
+ Adrian Perez de Castro <aperez@igalia.com> writes:\r
+ \r
+@@ -447,7 +437,6 @@ test_emacs '(let ((message-hidden-headers ''()))\r
+ (notmuch-show "id:cf0c4d610911171136h1713aa59w9cf9aa31f052ad0a@mail.gmail.com")\r
+ (notmuch-show-reply)\r
+ (test-output))'\r
+-sed -i -e 's,^User-Agent: Notmuch/.* Emacs/.*,User-Agent: Notmuch/XXX Emacs/XXX,' OUTPUT\r
+ cat <<EOF >EXPECTED\r
+ From: Notmuch Test Suite <test_suite@notmuchmail.org>\r
+ To: Alex Botero-Lowry <alex.boterolowry@gmail.com>, notmuch@notmuchmail.org\r
+@@ -455,7 +444,6 @@ Subject: Re: [notmuch] preliminary FreeBSD support\r
+ In-Reply-To: <cf0c4d610911171136h1713aa59w9cf9aa31f052ad0a@mail.gmail.com>\r
+ Fcc: ${MAIL_DIR}/sent\r
+ References: <cf0c4d610911171136h1713aa59w9cf9aa31f052ad0a@mail.gmail.com>\r
+-User-Agent: Notmuch/XXX Emacs/XXX\r
+ --text follows this line--\r
+ Alex Botero-Lowry <alex.boterolowry@gmail.com> writes:\r
+ \r
+@@ -521,7 +509,6 @@ test_emacs "(let ((message-hidden-headers '()))\r
+ (notmuch-show \"id:${gen_msg_id}\")\r
+ (notmuch-show-reply)\r
+ (test-output))"\r
+-sed -i -e 's,^User-Agent: Notmuch/.* Emacs/.*,User-Agent: Notmuch/XXX Emacs/XXX,' OUTPUT\r
+ cat <<EOF >EXPECTED\r
+ From: Notmuch Test Suite <test_suite@notmuchmail.org>\r
+ To: \r
+@@ -529,7 +516,6 @@ Subject: Re: Reply within emacs to an html-only message\r
+ In-Reply-To: <${gen_msg_id}>\r
+ Fcc: ${MAIL_DIR}/sent\r
+ References: <${gen_msg_id}>\r
+-User-Agent: Notmuch/XXX Emacs/XXX\r
+ --text follows this line--\r
+ Notmuch Test Suite <test_suite@notmuchmail.org> writes:\r
+ \r
+@@ -546,7 +532,6 @@ test_emacs "(let ((message-hidden-headers '()))\r
+ (notmuch-show \"id:$message_id\")\r
+ (notmuch-show-reply)\r
+ (test-output))"\r
+-sed -i -e 's,^User-Agent: Notmuch/.* Emacs/.*,User-Agent: Notmuch/XXX Emacs/XXX,' OUTPUT\r
+ cat <<EOF >EXPECTED\r
+ From: Notmuch Test Suite <test_suite@notmuchmail.org>\r
+ To: \r
+@@ -554,7 +539,6 @@ Subject: Re: Quote MML tags in reply\r
+ In-Reply-To: <test-emacs-mml-quoting@message.id>\r
+ Fcc: ${MAIL_DIR}/sent\r
+ References: <test-emacs-mml-quoting@message.id>\r
+-User-Agent: Notmuch/XXX Emacs/XXX\r
+ --text follows this line--\r
+ Notmuch Test Suite <test_suite@notmuchmail.org> writes:\r
+ \r
+-- \r
+2.8.1\r
+\r
projects / notmuch-archives.git / commitdiff