On Tue, Jan 19, 2010 at 11:21:37AM +0100, Norbert Preining wrote: > This bug is now tagged since quite some time as pending, > and you can count me and several people around me as > another one of the group counting it as > serious > > The default setup *has* to respect privacy. If not, I will file > a chnage against policy that the failure to respect privacy > has to be considered a grave bug, like a security bug. > > I consider the ignorance with which the maintainers of mutt are treating > this bug quite inappropriate. A simple upload with unsetting the > write_bcc is definitely a must, and *now* and not at some > unspecified time. This discussion is now running since years!! > > That this bug is present in stable -- the bug is not the wrong > documentation, but that mutt does not delete the bcc headers -- > and still the same is going on in unstable. > > I urge the maintainers to take action, or I will raise the priority > to make it clear that releasing software and letting it into > the next stable that still breaks the basic rules of privacy > is not acceptable. Furthermore, if no proper action is taken, I will > prepare an NMU for that. > > BTW, I didn't complain till now, because in my .muttrc this is set since > ages. If I would have realized that *per*default* in Debian BCC headers > are *not* stripped from emails, I would have gone havoc already > 3 years earlier.
Hi Norbert, I understand your point and the discussion has been going on because we tried to find an agreement with the maintainer and the exim guys, unfortunately this wasn't possible and, as it seems, we are the point where this should be patched. When I say "we" I mean the Debian mutt maintainers, neither the mutt maintainers or the exim maintainers. Anyway, I will prepare an upload to unstable this afternoon, it will include the patch that was discussed above, rather than changing the write_bcc setting. As soon as the upload will hit testing I will prepare a backport of the patch for the stable branch. Cheers Antonio -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
