author Eric Wong <normalperson@yhbt.net> 2014-04-03 20:28:30 +0000
committer Eric Wong <normalperson@yhbt.net> 2014-04-03 20:28:30 +0000
commit 6c775a61d97e0318e76443adb05f6b71a26a41c9
tree 4c8dfa42fc968a4ee90a7609065aefb2a68da521 /lib/PublicInbox/Filter.pm
parent 1d885995ff2a8e7dc47504e5be60888d3dc06aa6
We may keep PGP signatures for messages we do not modify.
However, we have no way of verifying them on the server-side.
Diffstat (limited to 'lib/PublicInbox/Filter.pm')
-rw-r--r-- lib/PublicInbox/Filter.pm 28
1 files changed, 8 insertions, 20 deletions
diff --git a/lib/PublicInbox/Filter.pm b/lib/PublicInbox/Filter.pm
index 64c31e8e..0b4dce87 100644
--- a/lib/PublicInbox/Filter.pm
+++ b/lib/PublicInbox/Filter.pm
@@ -148,27 +148,15 @@ sub strip_multipart {
                         } else {
                                 $rejected++;
                         }
+                } elsif ($part_type =~ m!\Aapplication/pgp-signature\z!i) {
+                        # PGP signatures are not huge, we may keep them.
+                        # They can only be valid if it's the last element,
+                        # so we keep them iff the message is unmodified:
+                        if ($rejected == 0 && !@html) {
+                                push @keep, $part;
+                        }
                 } else {
-                        # reject everything else
-                        #
-                        # Yes, we drop GPG/PGP signatures because:
-                        # * hardly anybody bothers to verify signatures
-                        # * we strip/convert HTML parts, which could invalidate
-                        #   the signature
-                        # * they increase the size of messages greatly
-                        #   (especially short ones)
-                        # * they do not compress well
-                        #
-                        # Instead, rely on soft verification measures:
-                        # * content of the message is most important
-                        # * we encourage Cc: all replies, so replies go to
-                        #   the original sender
-                        # * Received, User-Agent, and similar headers
-                        #   (this is also to encourage using self-hosted mail
-                        #   servers (using 100% Free Software, of course :)
-                        #
-                        # Furthermore, identity theft is uncommon in Free/Open
-                        # Source, even in communities where signatures are rare.
+                        # reject everything else, including non-PGP signatures
                         $rejected++;
                 }
         });
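
Review bot: The `$rejected == 0 && !@html` test in the new `application/pgp-signature` branch only reflects parts seen before the signature, so the "last element" condition stated in the comment is assumed rather than enforced. If a later part is rejected or collected in `@html`, the signature is already in `@keep` and stays attached to a modified message. Consider remembering the signature part and pushing it onto `@keep` only after all parts have been processed and the condition still holds, or checking explicitly that it is the final part. Separately, a signature dropped in this branch does not increment `$rejected`, unlike the `else` branch below it; if that is intentional, a one-line comment saying so would help, since the commit message notes the server cannot verify signatures and readers will rely on this logic alone to know the kept signature matches the stored body.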