[Mailman-Users] Approved: password header!

Mark Sapiro mark at msapiro.net
Fri Aug 7 06:08:24 CEST 2009


Brad Knowles wrote:

>on 8/6/09 9:14 PM, Stephen J. Turnbull said:
>
>>  > I'll consider this as a feature for Mailman 2.2
>> 
>> I think this is unwise.  The subject header is read by everybody, and
>> you can't just delete it, so you have to munge it.  More complexity.
>> It's not so hard to add an Approved pseudo-header.
>
>Some people really, really don't know what their software can do, and 
>can't be taught how to make use of advanced features.  Others may be 
>able to learn how to use advanced features, but they are forced to use 
>software that is locked down into a configuration that they can't change.
>
>
>So, the question becomes this -- at what point do you stop bending over 
>backwards to try to make seriously broken MUAs (or seriously un-savvy 
>MUA users) be able to have some sort of minimal functionality, and at 
>what point do you decide that it's too much work or opens too large of a 
>security hole?
>
>That's not a question I can answer.


But it is a good question, and I'm not sure I know the answer either.

I know from experience with users, that it isn't always easy or obvious
how to get MS Outlook/Exchange to even send a multipart/alternative
message instead of just text/html. In that case, an Approved: pseudo
header won't be found because it is only looked for in the first
text/plain part of the message.

Even when it is found, its removal from other 'fancy' parts of a
multipart/alternative part is on a 'best effort' basis and isn't
guaranteed.

And then there's the issue of corporate mail environments that wrap
messages in disclaimers possibly adding an initial text/plain part
preceding the part with the pseudo header, thus hiding it from our
search.

Thus, the idea of allowing "[Approved: password]" in the subject header
and removing only that text from the subject has appeal because it
doesn't depend on any characteristics of the message body.

The idea is to require the square brackets so a mere "approved:" in the
subject (such as this message) doesn't trigger a match. We only match
if we find "Approve:" or "Approved:" followed by a single "word"
inside the square brackets and then we remove the brackets and their
contents.

The patch which I attached to my earlier reply does this and also deals
with RFC2047 encoded subjects and encodes the result as utf-8 if and
only if it contains non-ascii.

I'm not completely comfortable with this approach, but neither am I
completely comfortable with the pseudo header in the body of a
multipart/alternative message. I always recommend a true Approved:
header for this purpose, but I've googled more than once trying to
find how to do this with Outlook, and I haven't found a
straightforward way to do it.


-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
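
The subject check described in this message, sketched as an added example (it is not the patch attached to the earlier reply, nor Mailman's code). The function name `check_subject`, the regular expression, the constant-time comparison, the choice to strip the tag even when the password is wrong, and the sample password are all assumptions of this sketch, written against Python 3's `email` package.

```python
import hmac
import re
from email.header import Header, decode_header, make_header

# Brackets are mandatory; "Approve:" or "Approved:" must be followed by
# exactly one whitespace-free "word" before the closing bracket.
APPROVED_RE = re.compile(r"\[\s*approved?\s*:\s*([^\s\]]+)\s*\]", re.IGNORECASE)


def check_subject(raw_subject, list_password):
    """Return (approved, cleaned_subject) for a raw Subject: header value."""
    # Decode RFC 2047 encoded-words first so an encoded tag is still found.
    subject = str(make_header(decode_header(raw_subject)))
    match = APPROVED_RE.search(subject)
    if match is None:
        return False, raw_subject  # bare "Approved:" without brackets: no match
    # Assumption of this sketch: compare in constant time.
    approved = hmac.compare_digest(match.group(1).encode("utf-8"),
                                   list_password.encode("utf-8"))
    # Assumption of this sketch: remove the bracketed tag even on a mismatch,
    # so a mistyped password is not left in the subject.
    cleaned = " ".join((subject[:match.start()] + subject[match.end():]).split())
    try:
        cleaned.encode("ascii")
    except UnicodeEncodeError:
        # Re-encode as utf-8 if and only if the result is non-ASCII.
        cleaned = Header(cleaned, "utf-8").encode()
    return approved, cleaned


if __name__ == "__main__":
    # Constructed sample subjects; "s3cret" is a made-up list password.
    for raw in ("Approved: password header!",
                "Re: [Approved: s3cret] minutes",
                "[Approve: guess] hello",
                "[Approved: two words] hi",
                "=?utf-8?q?=5BApproved=3A_s3cret=5D_caf=C3=A9?="):
        print(repr(raw), "->", check_subject(raw, "s3cret"))
```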


