--- /dev/null
+Return-Path: <dkg@fifthhorseman.net>\r
+X-Original-To: notmuch@notmuchmail.org\r
+Delivered-To: notmuch@notmuchmail.org\r
+Received: from localhost (localhost [127.0.0.1])\r
+ by arlo.cworth.org (Postfix) with ESMTP id E0C4F6DE026C\r
+ for <notmuch@notmuchmail.org>; Mon, 8 Aug 2016 13:42:53 -0700 (PDT)\r
+X-Virus-Scanned: Debian amavisd-new at cworth.org\r
+X-Spam-Flag: NO\r
+X-Spam-Score: -0.053\r
+X-Spam-Level: \r
+X-Spam-Status: No, score=-0.053 tagged_above=-999 required=5\r
+ tests=[AWL=-0.053] autolearn=disabled\r
+Received: from arlo.cworth.org ([127.0.0.1])\r
+ by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024)\r
+ with ESMTP id wRdvspJLxYUA for <notmuch@notmuchmail.org>;\r
+ Mon, 8 Aug 2016 13:42:45 -0700 (PDT)\r
+Received: from che.mayfirst.org (che.mayfirst.org [162.247.75.118])\r
+ by arlo.cworth.org (Postfix) with ESMTP id 860136DE0188\r
+ for <notmuch@notmuchmail.org>; Mon, 8 Aug 2016 13:42:44 -0700 (PDT)\r
+Received: from fifthhorseman.net (unknown [38.109.115.130])\r
+ by che.mayfirst.org (Postfix) with ESMTPSA id 57155F98B\r
+ for <notmuch@notmuchmail.org>; Mon, 8 Aug 2016 16:42:42 -0400 (EDT)\r
+Received: by fifthhorseman.net (Postfix, from userid 1000)\r
+ id 709271FE91; Mon, 8 Aug 2016 16:42:37 -0400 (EDT)\r
+From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>\r
+To: Notmuch Mail <notmuch@notmuchmail.org>\r
+Subject: [PATCH] Omit User-Agent: header by default\r
+Date: Mon, 8 Aug 2016 16:42:37 -0400\r
+Message-Id: <1470688957-30562-1-git-send-email-dkg@fifthhorseman.net>\r
+X-Mailer: git-send-email 2.8.1\r
+X-BeenThere: notmuch@notmuchmail.org\r
+X-Mailman-Version: 2.1.20\r
+Precedence: list\r
+List-Id: "Use and development of the notmuch mail system."\r
+ <notmuch.notmuchmail.org>\r
+List-Unsubscribe: <https://notmuchmail.org/mailman/options/notmuch>,\r
+ <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>\r
+List-Archive: <http://notmuchmail.org/pipermail/notmuch/>\r
+List-Post: <mailto:notmuch@notmuchmail.org>\r
+List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>\r
+List-Subscribe: <https://notmuchmail.org/mailman/listinfo/notmuch>,\r
+ <mailto:notmuch-request@notmuchmail.org?subject=subscribe>\r
+X-List-Received-Date: Mon, 08 Aug 2016 20:42:54 -0000\r
+\r
+The User-Agent: header can be fun and interesting, but it also leaks\r
+quite a bit of information about the user and their software stack.\r
+\r
+This represents a potential security risk (attackers can target the\r
+particular stack) and also an anonymity risk (a user trying to\r
+preserve their anonymity by sending mail from a non-associated account\r
+might reveal quite a lot of information if their choice of mail user\r
+agent is exposed).\r
+\r
+This change also avoids hiding the User-Agent header by default, so\r
+that people who decide they want to send it will at least see it (and\r
+can edit it if they want to) before sending.\r
+\r
+It makes sense to have safer defaults.\r
+---\r
+ emacs/notmuch-mua.el | 4 ++--\r
+ 1 file changed, 2 insertions(+), 2 deletions(-)\r
+\r
+diff --git a/emacs/notmuch-mua.el b/emacs/notmuch-mua.el\r
+index 1ca8056..f3a4e5a 100644\r
+--- a/emacs/notmuch-mua.el\r
++++ b/emacs/notmuch-mua.el\r
+@@ -62,7 +62,7 @@ disabled: this would result in an incorrect behavior."))\r
+ (const :tag "Compose mail in a new window" new-window)\r
+ (const :tag "Compose mail in a new frame" new-frame)))\r
+ \r
+-(defcustom notmuch-mua-user-agent-function 'notmuch-mua-user-agent-full\r
++(defcustom notmuch-mua-user-agent-function nil\r
+ "Function used to generate a `User-Agent:' string. If this is\r
+ `nil' then no `User-Agent:' will be generated."\r
+ :type '(choice (const :tag "No user agent string" nil)\r
+@@ -73,7 +73,7 @@ disabled: this would result in an incorrect behavior."))\r
+ :value notmuch-mua-user-agent-full))\r
+ :group 'notmuch-send)\r
+ \r
+-(defcustom notmuch-mua-hidden-headers '("^User-Agent:")\r
++(defcustom notmuch-mua-hidden-headers nil\r
+ "Headers that are added to the `message-mode' hidden headers\r
+ list."\r
+ :type '(repeat string)\r
+-- \r
+2.8.1\r
+\r
projects / notmuch-archives.git / commitdiff