1)  The HTML is allowed to go outside for images, thus the threat still
exists.  This is a massive security hole and that is NOT an opinion.
The "gain" in completely disabling the ugly, space consuming and
unpleasant user experience of the preview pain is the fact a USER will
control what email they open.  The preview pain is going to open the
next message even if it is virus loaded spam that slipped through the
filters.

2)  Turning preview on by default without providing a global option to
turn it off was just stupid.  Please take Engineering and Design 101.
Requiring a user to go into EACH AND EVERY FOLDER to turn off the
preview pane one by (^)(*&ing one was a complete design failure.  Please
take Engineering and Design 101.

Why is it so difficult to understand?

When you decided to turn the preview pane on globally (which must have
been in the middle of a long night of drinking, because opening a
security hole of that size could only make sense then), you AT A MINIMUM
needed to add   Edit->Preferences   Under the section "Message Display"
a checkbox "Global Preview Pane Default to Off".  When checked the user
could choose to override at a specific folder level if they wish, but
the rest of the application would remain protected from email viruses
which exploit the preview pane.

I guess, after 20+ years in IT designing fault tolerant systems, I have
little tolerance for newcomers that refuse to learn from the past or
take fundamental software design courses.



-- 
Roland Hughes, President
Logikal Solutions
(630)-205-1593

http://www.theminimumyouneedtoknow.com
http://www.infiniteexposure.net

No U.S. troops have ever lost their lives defending our ethanol
reserves. 

On Fri, 2011-01-21 at 20:34 +0000, Marc Deslauriers wrote:

> Outlook uses Internet Explorer as its renderer for HTML email. Disabling
> the preview pane in Outlook would prevent it from rendering HTML mail
> with the Internet Explorer engine which contained multiple security
> issues.
> 
> Applying the same logic to a completely different application, such as
> Evolution, makes no sense. Unless you can pinpoint a specific issue with
> libgtkhtml that would render it more susceptible to buffer overflows
> than evolution itself when it processes email, there is no gain in
> disabling the preview plane.
> 
> ** Changed in: evolution (Ubuntu)
>        Status: Incomplete => Opinion
> 
> ** Changed in: evolution (Ubuntu)
>    Importance: Undecided => Wishlist
>

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to evolution in ubuntu.
https://bugs.launchpad.net/bugs/703367

Title:
  Evolution lost ability to turn off preview pane at application level

-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

Reply via email to