Re: [Evolution] unwanted information disclosure

From: Milan Crha <mcrha redhat com>
To: evolution-list gnome org
Subject: Re: [Evolution] unwanted information disclosure
Date: Fri, 13 Jun 2014 11:40:32 +0200

On Thu, 2014-06-12 at 13:18 -0400, Eugene Kanter wrote:

https://bugzilla.gnome.org/show_bug.cgi?id=702703

Almost a year later, are there any plans to address the problem?
I am tired of applying my dirty patch every time a new 
evolution-data-server package comes out.


        Hi,
well, I'm sorry, but almost a year old bug report and the only person
interested in it (according to CC, where is me and Andre) is you.

I do not know, did you ever check what for example Google does? I did
try it right now, I sent an email from their web UI to myself and guess
what, the header looks like this:

   Message-ID: <CAP0iMMiCt_c113w3yZFeGBzrp=ky8J_H1Cu2J2-S5mRBPbruiA mail gmail com>

Is it wrong that they "exposed" the mail.gmail.com in the message ID?
No, I do not think so. I would not worry about it.

I didn't try anything like thunderbird, clawsmail, mutt, geary, ..., but
I would not be surprised if they do the same - following the RFC.

On the other hand, I agree that there can be valid reasons why you want
to be "hidden", but that didn't strike any huge attention by anyone else
security aware, thus your bug report has a pretty low priority.
        Bye,
        Milan

References:
- [Evolution] unwanted information disclosure
  - From: Eugene Kanter

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]