[Mailman-Developers] Please add multipart/signed to DEFAULT_PASS_MIME_TYPES
Mark Sapiro
mark at msapiro.net
Wed Nov 18 11:17:17 EST 2015
On 11/18/15 4:35 AM, Carlos Alberto Lopez Perez wrote:
>
> I was thinking in changing it to :
>
> ['multipart/mixed', 'multipart/alternative', 'multipart/signed', 'text/plain']
>
> Instead, you suggest to just add [ 'multipart' ] to the list. I have 2 questions:
> - Will 'multipart' match all the 3 previous multipart/variations?
'multipart' will match any MIME multipart/anything content type,
including those 3 and multipart/related, multipart/report, etc. See
<http://www.iana.org/assignments/media-types/media-types.xhtml#multipart> for
the registered sub-types, but some MUAs may create even others.
> - Is there any multipart/variation that we shouldn't allow by default?
Multipart parts are those which contain other parts as sub-parts. Since
ultimately, the elemental (non-multipart) parts that are contained in
the multipart part must be explicitly allowed, passing any multipart
part should be safe.
I.e., considering your issue, you want to accept text/plain parts but
they are contained in a multipart/signed part which is not accepted, so
those parts are removed.
It doesn't matter what multipart types you accept. If the only elemental
parts you accept are text/plain, the only elemental parts that will
remain after filtering is text/plain parts.
> If the answer is yes to the first question and no/notsure the second one,
> then I think is a good idea to just add 'multipart'
>
> Not sure regarding 'application/pgp-signature'. I guess we can include it also.
This depends on your objective in accepting multipart/signed. If you
only care about accepting the text and don't mind if the signature is
stripped, you don't need to accept signature parts, but if you want to
actually deliver a signed or partially signed message to the list, you
need to accept the signature parts as well. These include in decreasing
order of frequency observed, application/pgp-signature,
application/pkcs7-signature and application/x-pkcs7-signature.
> Filed: https://bugs.launchpad.net/mailman/+bug/1517446
Noted. Thanks.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
URL: <http://mail.python.org/pipermail/mailman-developers/attachments/20151118/af0a290f/attachment.sig>
More information about the Mailman-Developers
mailing list