Re: [Evolution] unwanted information disclosure

On Thu, 2014-06-12 at 13:18 -0400, Eugene Kanter wrote:

Almost a year later, are there any plans to address the problem?
I am tired of applying my dirty patch every time a new 
evolution-data-server package comes out.

well, I'm sorry, but almost a year old bug report and the only person
interested in it (according to CC, where is me and Andre) is you.

I do not know, did you ever check what for example Google does? I did
try it right now, I sent an email from their web UI to myself and guess
what, the header looks like this:

   Message-ID: <CAP0iMMiCt_c113w3yZFeGBzrp=ky8J_H1Cu2J2-S5mRBPbruiA mail gmail com>

Is it wrong that they "exposed" the in the message ID?
No, I do not think so. I would not worry about it.

I didn't try anything like thunderbird, clawsmail, mutt, geary, ..., but
I would not be surprised if they do the same - following the RFC.

On the other hand, I agree that there can be valid reasons why you want
to be "hidden", but that didn't strike any huge attention by anyone else
security aware, thus your bug report has a pretty low priority.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]