[Portland] RE: xdg-email BCC

Bastian, Waldo waldo.bastian at intel.com
Fri Jun 2 16:55:25 PDT 2006 

Xdg-email only supports the headers listed in its manpage, mainly
because it relies on a third party mailer such as kmail or evolution.
Maybe the reference to RFC2368 should be removed from the man-page.

Waldo Bastian
Linux Client Architect - Client Linux Foundation Technology
Channel Platform Solutions Group
Intel Corporation - http://www.intel.com/go/linux
OSDL DTL Tech Board Chairman

>-----Original Message-----
>From: Whipple, Tom
>Sent: Friday, June 02, 2006 4:46 PM
>To: Bastian, Waldo; Bryce Harrington
>Cc: portland at lists.freedesktop.org
>Subject: RE: [Portland] RE: xdg-email BCC
>
>I am actually more inclined to go more with #1, possibly making an
>exception for attachments.
>
>The reason is that according to the RFC it is possible to put almost
any
>legal mail header into the URL. The example listed in the RFC is
><mailto:foobar at example.com?In-Reply-To=%3c3469A91.D10AF4C at example.com>
>where it is assumed that the context is a response to an email thread
in a
>discussion group. I can also imagine a case where a user might want to
add
>custom headers such as X-SPAM-level=5.2 or something similar. Parsing
>command line options explicitly could get _very_ tedious.
>
>It also might make sense to allow reading the body explicitly from a
file,
>since the body must be URL encoded, again quoting the RFC "... note
that
>line breaks in the body of a message MUST be encoded with "%0D%0A"" So,
>perhaps the --body argument takes a text file and encodes it properly?
>
>-----Original Message-----
>From: portland-bounces at lists.freedesktop.org [mailto:portland-
>bounces at lists.freedesktop.org] On Behalf Of Bastian, Waldo
>Sent: Friday, June 02, 2006 4:09 PM
>To: Bryce Harrington
>Cc: portland at lists.freedesktop.org
>Subject: RE: [Portland] RE: xdg-email BCC
>
>Yes.. I think there is no doubt about the required capabilities. It's
>more an issue of how to expose those capabilities in the command line
>interface. Which of the following three forms should be supported?
>
>1) xdg-email 'mailto:jwhite at codeweavers.com?subject=Logo contest&' \
>          'body=Attached you find the logo for the contest.&' \
>          'attachment=/tmp/logo.png&bcc=bastian at kde.org'
>
>2) xdg-email --attachment /tmp/logo.png -bcc bastian at kde.org \
>          'mailto:jwhite at codeweavers.com?subject=Logo contest&' \
>          'body=Attached you find the logo for the contest.'
>
>3) xdg-email --attachment /tmp/logo.png -bcc bastian at kde.org \
>          --subject 'Logo contest' \
>          --body 'Attached you find the logo for the contest.' \
>          jwhite at codeweavers.com
>
>I'm inclined to answer that with 2) and 3)
>
>Especially since 2) should actually be:
>2) xdg-email --attachment /tmp/logo.png -bcc bastian at kde.org \
>          'mailto:jwhite at codeweavers.com?subject=Logo%20contest&' \
>
>'body=Attached%20you%20find%20the%20logo%20for%20the%20contest.'
>
>Waldo Bastian
>Linux Client Architect - Client Linux Foundation Technology
>Channel Platform Solutions Group
>Intel Corporation - http://www.intel.com/go/linux
>OSDL DTL Tech Board Chairman
>
>>-----Original Message-----
>>From: Bryce Harrington [mailto:bryce at osdl.org]
>>Sent: Friday, June 02, 2006 3:57 PM
>>To: Bastian, Waldo
>>Cc: Whipple, Tom; portland at lists.freedesktop.org
>>Subject: Re: [Portland] RE: xdg-email BCC
>>
>>Well, the ability to do attachments would be one of the principle use
>>cases for applications using xdg.  Specifically, I'm thinking of
>>something like, File -> Mail-To, that would allow a user to email
>>whatever document they're working on to someone else.
>>
>>Without an attachment capability, this would still be useful for
>>feedback links (maybe for sending in bug reports), but I think that's
a
>>secondary use.
>>
>>Anyway, so I think this distinguishes our usage from what this RFC is
>>targetting.  (I don't have an opinion on whether BCC would be useful
to
>>include, but if we are supporting TO and CC, then why not?)
>>
>>Bryce
>>
>>On Fri, Jun 02, 2006 at 03:23:23PM -0700, Bastian, Waldo wrote:
>>> [CC'ing Portland list]
>>>
>>> Well RFC2368 was written with the web in mind. Our use case here is
>>slightly different, we want to give applications the possibility to
>invoke
>>a mailer. The points made in the RFC remain valid though, so maybe we
>>should offer explicit options for BCC and Attachment but not honour
>these
>>options when they are part of the URL. Maybe we should go even further
>and
>>offer all other options as an explicit command line options as well,
>which
>>might be convenient in case you have the individual elements at hand
>but
>>not a URL. What do other people think?
>>>
>>> Waldo Bastian
>>> Linux Client Architect - Client Linux Foundation Technology
>>> Channel Platform Solutions Group
>>> Intel Corporation - http://www.intel.com/go/linux
>>> OSDL DTL Tech Board Chairman
>>> ________________________________________
>>> From: Whipple, Tom
>>> Sent: Friday, June 02, 2006 3:03 PM
>>> To: Bastian, Waldo
>>> Subject: xdg-email BCC
>>>
>>> >From the description in the xdg-email manpage:
>>>
>>> "mailto-uri may contain ... bcc, subject, body and attachment."
>>>
>>> However, from section 7 of RFC2368
>>>
>>> ?? A mail client should never send anything without complete
>disclosure
>>> ?? to the user of what is will be sent; it should disclose not only
>the
>>> ?? message destination, but also any headers. Unrecognized headers,
>or
>>> ?? headers with values inconsistent with those the mail client would
>>> ?? normally send should be especially suspect. MIME headers (MIME-
>>> ?? Version, Content-*) are most likely inappropriate, as are those
>>> ?? relating to routing (From, Bcc, Apparently-To, etc.)
>>>
>>> ?? Note that some headers are inherently unsafe to include in a
>message
>>> ?? generated from a URL. For example, headers such as "From:",
>"Bcc:",
>>> ?? and so on, should never be interpreted from a URL. In general,
the
>>> ?? fewer headers interpreted from the URL, the less likely it is
that
>a
>>> ?? sending agent will create an unsafe message.
>>>
>>> So, I don't think Bcc should be mentioned in the manpage. But, this
>is a
>>"should not" so I don't think we need to test to see that this is NOT
>>supported.
>>>
>>> Also, attachment is not mentioned in the RFC. I don't know if we
want
>to
>>think about it here and now, but what if I made a webpage with a link
>such
>>as 'mailto:hacker at evil.org?attachment=/etc/passwd'. It seems that this
>>would also be a security consideration.
>>>
>>> -tom
>>> _______________________________________________
>>> Portland mailing list
>>> Portland at lists.freedesktop.org
>>> http://lists.freedesktop.org/mailman/listinfo/portland
>_______________________________________________
>Portland mailing list
>Portland at lists.freedesktop.org
>http://lists.freedesktop.org/mailman/listinfo/portland

More information about the Portland mailing list