From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: AS22989 209.51.188.0/24 X-Spam-Status: No, score=-3.1 required=3.0 tests=AWL,BAYES_00, DKIM_ADSP_CUSTOM_MED,DKIM_INVALID,DKIM_SIGNED, FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_NONE shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dcvr.yhbt.net (Postfix) with ESMTPS id F18771F463 for ; Wed, 25 Sep 2019 20:16:13 +0000 (UTC) Received: from localhost ([::1]:56998 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1iDDhs-0005Ki-Jj for e@80x24.org; Wed, 25 Sep 2019 16:16:12 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:55523) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from <321942@gmail.com>) id 1iDDhE-0005J3-D3 for libreplanet-discuss@libreplanet.org; Wed, 25 Sep 2019 16:15:33 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from <321942@gmail.com>) id 1iDDhC-0002R6-Qa for libreplanet-discuss@libreplanet.org; Wed, 25 Sep 2019 16:15:32 -0400 Received: from mail-wm1-x332.google.com ([2a00:1450:4864:20::332]:34567) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from <321942@gmail.com>) id 1iDDhC-0002QC-JK for libreplanet-discuss@libreplanet.org; Wed, 25 Sep 2019 16:15:30 -0400 Received: by mail-wm1-x332.google.com with SMTP id y135so4985677wmc.1 for ; Wed, 25 Sep 2019 13:15:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:in-reply-to:references:user-agent:accept :accept-language:mail-copies-to:date:message-id:mime-version; bh=7PeSdirKog7R9TPFat/Ubzj6g4pnhqcY3dqxCvb0c/s=; b=WVPNK7u+yE2nuyJRXzOKjHNuzo8LiuIxSMu+dc4cuHi3DvH1/5nmWprqljraXhV5fd VOO/MIur7XYxnRUpp3EcBYnxM1r3l5DUAfEkfF7GbkGt0YfURhxIqT9y2FxGyELaMq5z mFFQkxPky2LDbSL4aNc/+rBE5Oz4/c4SoSr3H6GnaBYv5WaI1R6E7NIp/X0vwaVxD1Z8 83VLhAUiwKFhRG84V5Zce6lViA2m91552F1t/r4XYjJK/lxjn8WLams5snvB8lFf7bcN lyxQm6llwGeWzvrrEdEAuYRYG+HrOW17OW8sfTMKrP0rnHYO5GVUa84hjPUmmEkDRKLK BqZQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:in-reply-to:references :user-agent:accept:accept-language:mail-copies-to:date:message-id :mime-version; bh=7PeSdirKog7R9TPFat/Ubzj6g4pnhqcY3dqxCvb0c/s=; b=FmJ36accECCTQqEinyz8MOqf7wKvdWOp6of7GUb5AeCFCutrxk27aPHl3lGpBVroqp 2lPvlu4nMpwZGZUVQxIqYuc+URRr8fNlB2kLB35PWpDBwJVdL3ZpbZSltvHKQWc2iB/6 5vXZnG7WpC/zRnP/oMuk/cROWjWHLDw31wbRNjLmW3h5pATH2YX9MQsonrBpoX0b0rH6 2S+hlRlpiciJt1otvD7R2NlDCeTyG3+8tXgfqwMWYig+Py3vYJrZpdwFfBCWj5VqCW6u 6F4N9SO9UB4ELqQkJzDTWzij/BWVRj+99zrW/vxjb5UXwbz07SEXkoX8CjYJ6B3CS2bz alPA== X-Gm-Message-State: APjAAAWOsPKhr78/o63Ls5F77aCnsP03tQsJQC22AEk85ODmNyT6rftC 8XaLRcNZErfpcopiSWEQKLx2k4SPoDs= X-Google-Smtp-Source: APXvYqxuWfdurGyn5/bmA7q5gF55ydZUJolt5sCXHHoyl2EaFH5C1mHYvpD18SKdRb4bVUEQUqB43g== X-Received: by 2002:a1c:c789:: with SMTP id x131mr52091wmf.20.1569442528607; Wed, 25 Sep 2019 13:15:28 -0700 (PDT) Received: from localhost ([109.201.133.30]) by smtp.gmail.com with ESMTPSA id f13sm40116wmj.17.2019.09.25.13.15.25 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 25 Sep 2019 13:15:27 -0700 (PDT) From: Dmitry Alexandrov <321942@gmail.com> To: Ian Kelling Subject: Re: GNU Mailman settings for this list In-Reply-To: <878sqc9yeb.fsf@fsf.org> (Ian Kelling's message of "Wed, 25 Sep 2019 11:41:16 -0400") References: <7e7f4c90-06ac-45fb-86b9-dba297c0f77c@pocock.pro> <877e5z80z7.fsf@wjsullivan.net> <878sqc9yeb.fsf@fsf.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux) Accept: text/plain,text/markdown,text/x-org,text/html,text/*,*/* Accept-Language: ru,en Mail-Copies-To: always Date: Wed, 25 Sep 2019 23:15:23 +0300 Message-ID: MIME-Version: 1.0 X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a00:1450:4864:20::332 X-BeenThere: libreplanet-discuss@libreplanet.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: libreplanet-discuss@libreplanet.org Content-Type: multipart/mixed; boundary="===============3797018232740446127==" Errors-To: libreplanet-discuss-bounces+e=80x24.org@libreplanet.org Sender: "libreplanet-discuss" --===============3797018232740446127== Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Ian Kelling wrote: > Dmitry Alexandrov <321942@gmail.com> writes: >> Well. At least, I hope his list would not be as broken technically as t= his is used to be: before the last downtime it chucked out HTML parts, so s= ignatures became invalid. When the issue was brought up half a year ago, I= an Kelling said he was about to look into it when doing = a upgrade [1]. And indeed, something changed: now it does not cut parts of= f, but performs a lossy conversion to plain text. >> >> So a message composed with a typical out of a box MUA and passed through= this list now have *two* autogenerated parts: one by sender=E2=80=99s MUA = and another by gnu.org=E2=80=99s Mailman, which confuses subscribers [2]. = Signatures are still broken, of course. >> >> (That=E2=80=99s besides everything else: mangling =E2=80=98from=E2=80=99= field, etc.) >> > > Should Mailman convert text/html parts to plain text? Currently this is s= et to "yes". When plain text alternative is already present? Of course, not. > There's good and bad things about this setting. There is no good things about _current_ settings: who needs _two_ autogener= ated plain text parts? Goodness of the former settings, when HTML parts wa= s cut off, is also doubtful. > One bad thing is that gpg signatures on html email will be rendered inval= id. Another bad thing that many MUAs have a bad habit of autohardwrapping plain= text, while being incapable to do that properly (well, generally speaking = it=E2=80=99s a task unsolvable without AI). I am tired of sorting out the = quoting mess that they produce. > For this list, I think its best to keep that setting on, because html ema= il is a risk of security, software freedom and privacy unless you take very= tech savvy measures against it This is exaggeration. There is no more security risks than of viewing a pa= ge on the Web. As for privacy, there is nothing =E2=80=98very tech savvy= =E2=80=99 in disabling external images; not to say, that many MUAs do that = by default nowadays, while many email providers, on the contrary, still rev= eal sender IP (both local and public, if differ) in every letter sent. > and this is not a list we should expect that or expose people to that. Neither are able to protect them: if someone would like to send a malicious= message to a list subscriber, you could do noting to prevent him. > Lots of people reading this list like me, have their email client set to = convert any html email to plain text. And lots of people, like me, prefer to see what was actually sent by an aut= hor, not a result of lossy conversion. > Mangling the from field happens when someone sends from a strict DMARC do= main (a newish email security standard that is not widespread), because mai= lman modifies all messages to add the subject prefix and footer Yes, I am aware of that. That why I was glad, when you said that they woul= d go away after upgrade. And disappointed, when they did not. > and by that standard, it has to change the From line. Plain text conversi= on is also a message modification that requires the change. Subject prefixe= s and footers provide valuable information, especially to users who are not= familiar with email lists, eg: someone signs up for this list, new message= s appear in their inbox, but they can't tell its from the list Of course, he can: they normally have a libreplanet-discuss@libreplanet.org= in either =E2=80=98to=E2=80=99 or =E2=80=98cc=E2=80=99. > or how to filter them or how to turn it off. Then he would do what he usually does when meet a technical difficulty: eit= her google or ask. While providing him with tag in a subject and instructions in footer is not= hing else but teaching him a wrong practice, most prominent downsides of wh= ich you=E2=80=99ve just outlined. In the best case, he will have to learn = the proper way nevertheless when encounters a list that does not do it, in = the worst =E2=80=94 will demand from that other list to support the bad pra= ctice too. > For users who are familiar with mailing lists, or are sending patches, th= ey should generally be turned off, and we are turning them off for a lot of= lists, but for this list, its more important to have settings that are mos= t helpful to new users. I believe, users new to mailing lists should be introduced to a pristine sy= stem, not a system full of quirks. If we want to be helpful to new subscribers, why do not explain how to unsu= bscribe from a list or filter it in a welcoming message? Mailman on gnu.or= g does send a pretty useless welcoming message to any new user anyway, does= not it? > I'm not sure, but the footer might also invalidate mime gpg signatures. No, it should not. Are my signatures invalid? It does invalidate DKIM signatures, if a body is signed too, though. And y= es, this practice exists and there are all chances that it will become more= widespread in the future. By the way, IIRC, there was complaints, that messages of this list tend to = be classified by major email providers as spam more often than those of oth= er lists @gnu.org. Despite that DKIM per se is not intended as antispam me= asure, the massive flow of mail with DKIM signatures invalidated due to sub= ject tagging, HTML excising and adding footer might be the reason neverthel= ess. Who knows what proprietary spam classifier might found shady? > If that is the case, it means to send gpg signed mail to this list, you n= eed to send inline, not mime. And it will always need to be plain text. (sarcasm-mode +1) Which would undoubtedly make this list much more user-friendly! That was t= he goal, is not it? (sarcasm-mode -1) In short, I propose to refrain from _any_ mangling of messages. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEE1yoTx9fONarixgNIydoJ3hnBsjAFAl2LytsACgkQydoJ3hnB sjCPwggAwk14k6u9otPwFaBP2ZJMxz5Eb5SjkfT7v6kvRXskRB0zA83tr7vl4G/G xkWHEzonwJAauKgZ6m16S4iAPC1LtmSWes4E6V3wAXJtLYdIVQB8L4/CsmDlhpio 1hWDQmVNQhuns1uIE/UaIYOHSFrUx+WtRYg1kBRKJpuYzu/FhSgrCNellRtrbIla Mhpb9c18vjk4QnDBNZ+uNb98o27zFB0uVMyOCnxdM7iBN3FIu6mGS9HtH+SiYSIM v3euu1qoJoWscfc21tDLCPtHh6Ai0ah55MxajIOsKApb9mlAyWA6fO2Hy9jh90E0 T5Yd+dnaAccDIHRJO1Fm6ER57L3t1Q== =p2FR -----END PGP SIGNATURE----- --=-=-=-- --===============3797018232740446127== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KbGlicmVwbGFu ZXQtZGlzY3VzcyBtYWlsaW5nIGxpc3QKbGlicmVwbGFuZXQtZGlzY3Vzc0BsaWJyZXBsYW5ldC5v cmcKaHR0cHM6Ly9saXN0cy5saWJyZXBsYW5ldC5vcmcvbWFpbG1hbi9saXN0aW5mby9saWJyZXBs YW5ldC1kaXNjdXNz --===============3797018232740446127==--