On 11/18/15 4:35 AM, Carlos Alberto Lopez Perez wrote: > > I was thinking in changing it to : > > ['multipart/mixed', 'multipart/alternative', 'multipart/signed', 'text/plain'] > > Instead, you suggest to just add [ 'multipart' ] to the list. I have 2 > questions: > - Will 'multipart' match all the 3 previous multipart/variations?
'multipart' will match any MIME multipart/anything content type, including those 3 and multipart/related, multipart/report, etc. See <http://www.iana.org/assignments/media-types/media-types.xhtml#multipart> for the registered sub-types, but some MUAs may create even others. > - Is there any multipart/variation that we shouldn't allow by default? Multipart parts are those which contain other parts as sub-parts. Since ultimately, the elemental (non-multipart) parts that are contained in the multipart part must be explicitly allowed, passing any multipart part should be safe. I.e., considering your issue, you want to accept text/plain parts but they are contained in a multipart/signed part which is not accepted, so those parts are removed. It doesn't matter what multipart types you accept. If the only elemental parts you accept are text/plain, the only elemental parts that will remain after filtering is text/plain parts. > If the answer is yes to the first question and no/notsure the second one, > then I think is a good idea to just add 'multipart' > > Not sure regarding 'application/pgp-signature'. I guess we can include it > also. This depends on your objective in accepting multipart/signed. If you only care about accepting the text and don't mind if the signature is stripped, you don't need to accept signature parts, but if you want to actually deliver a signed or partially signed message to the list, you need to accept the signature parts as well. These include in decreasing order of frequency observed, application/pgp-signature, application/pkcs7-signature and application/x-pkcs7-signature. > Filed: https://bugs.launchpad.net/mailman/+bug/1517446 Noted. Thanks. -- Mark Sapiro <m...@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
