1) The HTML is allowed to go outside for images, thus the threat still exists. This is a massive security hole and that is NOT an opinion.
The "gain" in completely disabling the ugly, space consuming and unpleasant user experience of the preview pain is the fact a USER will control what email they open. The preview pain is going to open the next message even if it is virus loaded spam that slipped through the filters. 2) Turning preview on by default without providing a global option to turn it off was just stupid. Please take Engineering and Design 101. Requiring a user to go into EACH AND EVERY FOLDER to turn off the preview pane one by (^)(*&ing one was a complete design failure. Please take Engineering and Design 101. Why is it so difficult to understand? When you decided to turn the preview pane on globally (which must have been in the middle of a long night of drinking, because opening a security hole of that size could only make sense then), you AT A MINIMUM needed to add Edit->Preferences Under the section "Message Display" a checkbox "Global Preview Pane Default to Off". When checked the user could choose to override at a specific folder level if they wish, but the rest of the application would remain protected from email viruses which exploit the preview pane. I guess, after 20+ years in IT designing fault tolerant systems, I have little tolerance for newcomers that refuse to learn from the past or take fundamental software design courses. -- Roland Hughes, President Logikal Solutions (630)-205-1593 http://www.theminimumyouneedtoknow.com http://www.infiniteexposure.net No U.S. troops have ever lost their lives defending our ethanol reserves. On Fri, 2011-01-21 at 20:34 +0000, Marc Deslauriers wrote: > Outlook uses Internet Explorer as its renderer for HTML email. Disabling > the preview pane in Outlook would prevent it from rendering HTML mail > with the Internet Explorer engine which contained multiple security > issues. > > Applying the same logic to a completely different application, such as > Evolution, makes no sense. Unless you can pinpoint a specific issue with > libgtkhtml that would render it more susceptible to buffer overflows > than evolution itself when it processes email, there is no gain in > disabling the preview plane. > > ** Changed in: evolution (Ubuntu) > Status: Incomplete => Opinion > > ** Changed in: evolution (Ubuntu) > Importance: Undecided => Wishlist > -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to evolution in ubuntu. https://bugs.launchpad.net/bugs/703367 Title: Evolution lost ability to turn off preview pane at application level -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
