
Re: [PATCH] Remove absolute paths from gpg.rc



On Thu, Mar 22, 2007 at 08:45:20PM -0400, Derek Martin wrote:
> On Thu, Mar 22, 2007 at 04:34:44PM +0000, Dave wrote:

> > I've already explained several times that the user doesn't own the
> > system.  The physical user is governed by the owner of the system.
 
> The situation is less clear for e-Mail though; my personal security
> policy does not simply protect my own privacy.  It also protects the
> privacy of anyone who sends mail to me.  People have a right to expect
> that if they send you mail in confidence, you will respect that
> confidence.  It is not fair to people who send mail to you for you to
> make a decision, as a matter of policy, that you will not respect
> their privacy.  By setting the umask to 077, Mutt helps you not just
> to protect your own privacy, but also to protect the privacy of other
> people who send you mail with the expectation that you will safeguard
> their privacy.  In so doing, Mutt rightly prevents you from
> disregarding other people's privacy as a matter of policy, and forces
> you to make a conscious decision to perform a malicious act of
> violating their privacy.  The very same goes for attachments,
> temporary files, or any other file that Mutt creates which is related
> to your mail.

This thread is making my head hurt.

I use mutt on a machine with basically no other users, and often wish to
copy attachments to a web-accessible location in order to view them more
easily. Doing this means I have to save the attachment, suspend mutt,
change each file's mode, and then go back into mutt. Now is this the
most secure thing to do? Maybe not, but it's the most convenient for me.
I know a lot of other people who do similar things.

I think it's reasonable to at the very least make the mode of saved
attachments configurable (whether this comes from a config setting or
the user's umask doesn't matter, though I can see the argument for the
former). That allows people to configure mutt to do what they want, but
still makes it difficult for them to accidentally do so by simply having
a more permissive umask. I don't see how anyone who configures mutt this
way and then has a problem can (reasonably) complain that it's mutt's
fault. Mutt is basically only used by very nerdy people, and the
software itself takes the philosophy of giving people enough rope to
hang themselves. I don't see why this should be any different.

And please, guys... turn down the heat a little.

w
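
The configurable-mode idea raised in this message, sketched as an added C example (not Mutt's code and not from the thread): the file is created private and widened only when an explicit setting asks for it, so a permissive process umask never decides the result. `save_attachment`, `demo_mode` and the `configured` parameter are hypothetical names, and the sample data is constructed.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: save data privately, then widen only if the user
 * explicitly configured a mode (0 means "keep it private"). */
int save_attachment(const char *path, const void *buf, size_t len, mode_t configured)
{
    /* O_EXCL: refuse to reuse a file someone else created first. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    /* fchmod() is not filtered by the umask, so the setting alone decides.
     * Masking with 0666 keeps saved mail data from ever becoming executable. */
    if (write(fd, buf, len) != (ssize_t)len ||
        (configured != 0 && fchmod(fd, configured & 0666) != 0)) {
        close(fd);
        unlink(path);
        return -1;
    }
    return close(fd);
}

/* Save a constructed sample under a permissive umask and report its mode. */
int demo_mode(mode_t configured)
{
    char dir[] = "/tmp/attdemoXXXXXX", path[64];
    struct stat st;
    int mode = -1;
    mode_t old = umask(022);            /* a loose umask must not matter */
    if (mkdtemp(dir) != NULL) {
        snprintf(path, sizeof path, "%s/note.txt", dir);
        if (save_attachment(path, "sample\n", 7, configured) == 0 &&
            stat(path, &st) == 0)
            mode = st.st_mode & 0777;
        unlink(path);
        rmdir(dir);
    }
    umask(old);
    return mode;
}

int main(void)
{
    printf("default: %04o, configured 0644: %04o\n", demo_mode(0), demo_mode(0644));
    return 0;
}
```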