On Mon, Aug 17, 2020 at 10:37:57PM -0500, Derek wrote in
<20200818033757.gd28...@bladeshadow.org>:
It's worth pointing out one additional point that I haven't: The
data in an attachment might be considered sensitive by the person
sending you the attachment, whereas to YOU it doesn't matter in the
slightest. By relaxing your umask, you're reducing the security of
all of your senders' data, BY DEFAULT, without their knowledge or
consent.
That seems a bit far fetched to me. If you don't want your precious attachment
to make it out to the public, don't send it. Once you hit send, it is out of
your hands, a umask in mutt is not going to make a difference there.
The difference between us is basically that I prefer that the user
have the *possibility* to do it in the "wrong" way after being
warned about consequences. Of course sane/secure defaults are a
must.
Have you not been paying attention to the heat that Facebook and other
sites have been taking for their lack of care in protecting users'
sensitive data?
That is not a good analogy. Sacha was not proposing changing anything like that
but just proposing a patch that would help them and perhaps make others life
easier too; No defaults would be changed and I can't see how this would catch
anyone unaware.
The subject has been dropped by Sacha, why can't you just let it rest at that?
Not everything needs to be argued to death just to score your victory points,
does it? You made your point, time to move on.
Sincerely,
Remco
