From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: AS6830 37.24.128.0/17 X-Spam-Status: No, score=-3.3 required=3.0 tests=AWL,BAYES_00, RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_PASS shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from albireo.enyo.de (albireo.enyo.de [37.24.231.21]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dcvr.yhbt.net (Postfix) with ESMTPS id 2C60A1F4B5; Tue, 12 Nov 2019 22:07:27 +0000 (UTC) Received: from [172.17.203.2] (helo=deneb.enyo.de) by albireo.enyo.de with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) id 1iUeJp-0000r6-2B; Tue, 12 Nov 2019 22:07:25 +0000 Received: from fw by deneb.enyo.de with local (Exim 4.92) (envelope-from ) id 1iUeJo-0006y4-UY; Tue, 12 Nov 2019 23:07:24 +0100 From: Florian Weimer To: Eric Wong Cc: meta@public-inbox.org Subject: Re: Archiving HTML mail References: <87r22ddxly.fsf@mid.deneb.enyo.de> <20191112210923.GA9729@dcvr> <874kz8eqwf.fsf@mid.deneb.enyo.de> <20191112215307.GA20307@dcvr> Date: Tue, 12 Nov 2019 23:07:24 +0100 In-Reply-To: <20191112215307.GA20307@dcvr> (Eric Wong's message of "Tue, 12 Nov 2019 21:53:07 +0000") Message-ID: <871rucda03.fsf@mid.deneb.enyo.de> MIME-Version: 1.0 Content-Type: text/plain List-Id: * Eric Wong: >> My feeling is that it would need some post-processing, maybe stripping >> image links and forms (and Javascript of course). Plus the separate >> domain thing for additional XSS protection (like bugzilla.mozilla.org >> does, IIRC). But presumably you could put the entire list archive >> under its own domain to avoid having to write code for that. > > That would mess up DKIM verifications if somebody is trying to > verify archives. You have to rewrite the HTML parts anyway, to resolve RFC 2392 cid: links, prior to handing them to web browsers. I don't think web browsers support them. Neither over HTTP, nor browsing locally. >> > Also, public-inbox-watch is designed to work in parallel with >> > existing mailing lists. I archive several lists (including >> > libc-alpha@sourceware and git@vger) this way with no special >> > permissions or access aside from being a regular subscriber. >> >> I feel we need to change libc-alpha to accept text/html email. > > Given there's some cross-posting to vger lists which reject HTML, > that could do more harm than good. Maybe. But do newcomers tend to cross-post that heavily? If they do, that's probably another problem. > My goal is not just to get hackers into using plain-text mail, > but having them influence non-hackers into using plain-text > mail, too. On the other hand, if we reject their email, we lose a chance to interact with them directly and influence them.