From 6c775a61d97e0318e76443adb05f6b71a26a41c9 Mon Sep 17 00:00:00 2001
From: Eric Wong
Date: Thu, 3 Apr 2014 20:28:30 +0000
Subject: filter: possibly keep PGP sigs only (not other types)

We may keep PGP signatures for messages we do not modify. However, we have no way of verifying them on the server-side.
---
 lib/PublicInbox/Filter.pm | 28 ++++++++--------------------
 1 file changed, 8 insertions(+), 20 deletions(-)
(limited to 'lib/PublicInbox/Filter.pm')
diff --git a/lib/PublicInbox/Filter.pm b/lib/PublicInbox/Filter.pm
index 64c31e8e..0b4dce87 100644
--- a/lib/PublicInbox/Filter.pm
+++ b/lib/PublicInbox/Filter.pm
@@ -148,27 +148,15 @@ sub strip_multipart {
 } else {
 $rejected++;
 }
+ } elsif ($part_type =~ m!\Aapplication/pgp-signature\z!i) {
+ # PGP signatures are not huge, we may keep them.
+ # They can only be valid if it's the last element,
+ # so we keep them iff the message is unmodified:
+ if ($rejected == 0 && !@html) {
+ push @keep, $part;
+ }
 } else {
- # reject everything else
- #
- # Yes, we drop GPG/PGP signatures because:
- # * hardly anybody bothers to verify signatures
- # * we strip/convert HTML parts, which could invalidate
- # the signature
- # * they increase the size of messages greatly
- # (especially short ones)
- # * they do not compress well
- #
- # Instead, rely on soft verification measures:
- # * content of the message is most important
- # * we encourage Cc: all replies, so replies go to
- # the original sender
- # * Received, User-Agent, and similar headers
- # (this is also to encourage using self-hosted mail
- # servers (using 100% Free Software, of course :)
- #
- # Furthermore, identity theft is uncommon in Free/Open
- # Source, even in communities where signatures are rare.
+ # reject everything else, including non-PGP signatures
 $rejected++;
 }
 });
--
cgit v1.2.3-24-ge0c7
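Review bot: The new `application/pgp-signature` branch keeps the part on its declared Content-Type alone, so any payload a sender labels that way passes a filter that otherwise rejects non-text parts, and the "not huge" assumption in the comment is never enforced. Since the commit message says the server cannot verify signatures, I would at least bound the size and require the armor header before `push @keep, $part;`, e.g. `if ($rejected == 0 && !@html && length($part->body) < $max_sig_len && $part->body =~ /\A-----BEGIN PGP SIGNATURE-----/) {`, where `$max_sig_len` is a placeholder for a limit you would define and `$part` is assumed to be an Email::MIME part. Separately, the "unmodified" test runs at the moment the signature part is visited, so a part rejected or collected into `@html` after it would leave a kept signature on a modified message, and a signature dropped by this branch no longer increments `$rejected`. Whether either of these matters depends on the rest of strip_multipart, which starts and ends outside the hunk.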