<<< Date Index >>>     <<< Thread Index >>>

Re: RFC2368 security patch status (Re: CVE-2006-3242 and a new mutt release)



* Thu Jul 13 2006 Rocco Rutte <pdmef@xxxxxxx>
> * TAKAHASHI Tamotsu [06-07-13 22:37:28 +0900] wrote:
> 
> >Note: Without OPTCONFIRMHEADERS, and when $edit_headers=no, you
> >are totally unaware how your headers are modified by mailto-URL.
> >I strongly recommend OPTCONFIRMHEADERS feature. It forces you to
> >edit (or at least review) all your headers.
> 
> IIRC I did something similar for mutt-ng and turned $edit_headers on by 
> force along with a message.

That's good, but the user may edit the message twice or more times,
and I don't think mutt have to force him to edit headers every time.
The first time is enough. So I did not set $edit_headers but did use
another (pseudo) option.

-- 
tamo