Return-Path: <dkg@fifthhorseman.net>
X-Original-To: notmuch@notmuchmail.org
Delivered-To: notmuch@notmuchmail.org
Received: from localhost (localhost [127.0.0.1])
	by olra.theworths.org (Postfix) with ESMTP id C4E29431FC4
	for <notmuch@notmuchmail.org>; Thu, 29 Jan 2015 10:03:52 -0800 (PST)
X-Virus-Scanned: Debian amavisd-new at olra.theworths.org
X-Spam-Flag: NO
X-Spam-Score: 2.438
X-Spam-Level: **
X-Spam-Status: No, score=2.438 tagged_above=-999 required=5
	tests=[DNS_FROM_AHBL_RHSBL=2.438] autolearn=disabled
Received: from olra.theworths.org ([127.0.0.1])
	by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id otqU+He0Q409 for <notmuch@notmuchmail.org>;
	Thu, 29 Jan 2015 10:03:49 -0800 (PST)
Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108])
	by olra.theworths.org (Postfix) with ESMTP id 95576431FBC
	for <notmuch@notmuchmail.org>; Thu, 29 Jan 2015 10:03:49 -0800 (PST)
Received: from fifthhorseman.net (unknown [38.109.115.130])
	by che.mayfirst.org (Postfix) with ESMTPSA id 7E71AF984
	for <notmuch@notmuchmail.org>; Thu, 29 Jan 2015 13:03:44 -0500 (EST)
Received: by fifthhorseman.net (Postfix, from userid 1000)
	id 76109201D1; Thu, 29 Jan 2015 13:03:43 -0500 (EST)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: notmuch mailing list <notmuch@notmuchmail.org>
Subject: Re: privacy problem: text/html parts pull in network resources
In-Reply-To: <yq65386uqx0a.fsf@jinwoo-macbookair.roam.corp.google.com>
References: <87ppa7q25w.fsf@alice.fifthhorseman.net>
	<87fvay3g0g.fsf@maritornes.cs.unb.ca>
	<871tmfin1k.fsf@alice.fifthhorseman.net>
	<yq65h9vbtsyt.fsf@jinwoo-macbookair.roam.corp.google.com>
	<yq65386uqx0a.fsf@jinwoo-macbookair.roam.corp.google.com>
User-Agent: Notmuch/0.18.2 (http://notmuchmail.org) Emacs/24.4.1
	(x86_64-pc-linux-gnu)
Date: Thu, 29 Jan 2015 13:03:43 -0500
Message-ID: <87wq45cvls.fsf@alice.fifthhorseman.net>
MIME-Version: 1.0
Content-Type: text/plain
X-BeenThere: notmuch@notmuchmail.org
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: "Use and development of the notmuch mail system."
	<notmuch.notmuchmail.org>
List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,
	<mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>
List-Archive: <http://notmuchmail.org/pipermail/notmuch>
List-Post: <mailto:notmuch@notmuchmail.org>
List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>
List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,
	<mailto:notmuch-request@notmuchmail.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Jan 2015 18:03:52 -0000

On Wed 2015-01-28 18:57:25 -0500, Jinwoo Lee wrote:
> Do you mind if I add a boolean defcustom, which determines whether to
> block remote images?  Its default value will be T (block), but people
> who want to see remote images can customize it.

I have no objection to this kind of knob in an already fiddly config
space.  In the other thread, i see the discussion of whether this should
expose something fancier than a boolean, but given the number of
possible rendering backends, i don't know how well we can support any of
these options reliably.

What should notmuch do when the customization variable is set to t
(block remote images) but the html rendering backend doesn't support
blocking remote images?

It seems dangerous/disingenuous to offer the option to the user but not
be able to enforce it in this case.  Should having this set to t
restrict the range of html renderers to only those that we can force to
respect it?

        --dkg