Derek Martin <inva...@pizzashack.org> wrote: > On Sat, Jan 09, 2021 at 10:54:28PM +0000, Eric Wong wrote: > > Hi Remco, > > > > So I'm looking at 9da4e6e11e7037668d0ca7e8f5d6773d26e379ac > > (I noticed this in mutt 2.0.2 on FreeBSD) > > > > This is a bad change > > You should have just stopped there. This is a bad change, as I argued > when it was originally discussed. Given that there was neither > agreement about how to change it, even amongst those who thought it > should change, nor any concrete example of harm caused by the original > format, it should never have been changed.
I admit I don't pay very close attention to this list since mutt mostly works well for me; but vaguely remembering it was rejected last year... (Maybe it was discussed on GitLab, but I can't be bothered with swap storms on JS/CAPTCHA-infested sites like GL) > This thread is a good example of why you don't arbtrarily change > things that have worked the same way for 20 years without a very good > reason: You have NO IDEA what the change will break or how many > people will be affected by the breakage. For all of the above > reasons, the new patch should not be accepted, and the original change > should be REVERTED. Well, mistakes happen... How we deal with them moving forward is important, though. Fwiw, I concur the PID in Message-IDs was a bad idea since it does unnecessarily leak information about system usage. I'm no security expert, though I seem to remember kernel patches that would randomize PID allocation in Linux. > FWIW, the message ID should NOT be URL-encoded. That is the job of > the web interface for the archives/whatever. Using such an encoding > makes it harder for the humans to read and compare message IDs, but > programs have no trouble doing such conversions as needed. The only > time it should be URL-encoded is when it is in a URL. Mutt doesn't > generate those. Right. In case there's any confusion, my proposed patch does not do URL-encoding; it merely avoids characters that would need URL-encoding when a Message-ID gets used as part of a URL.
