Hi Kevin,

On Fri, Apr 19, 2024 at 10:41:58AM +0800, Kevin J. McCarthy wrote:
> On Fri, Apr 19, 2024 at 01:59:57AM +0200, Alejandro Colomar wrote:
> > BTW, now that I remember, while developing these things for neomutt(1),
> > I found that mutt(1) has a bug (?) by which it does actually protect
> > some header fields precisely in the way that I implemented them in
> > neomutt(1), with the difference that mutt(1) does it on accident.
> 
> As Derek mentioned, mutt is in maintenance mode.  I don't have much, if any,
> time available to address issues except for genuine crashes or
> vulnerabilities.

I can write the code, if you have the time to review it.  I've already
written it for neomutt(1), so I'd only need to adapt it a little bit.

> However, I'd like to point out that mutt added basic support for Protected
> Headers in the 2.0 release, following the Autocrypt project spec at the time
> <https://github.com/autocrypt/protected-headers>. Since then, undoubtedly,
> they've advanced the proposed spec, but I haven't followed it.
> 
> However, saying that mutt adds those headers by accident or as a bug seems a
> bit uninformed.

Ahh, sorry.  I assumed it was by accident because it didn't make sense
to me that you protect headers but then don't display them.  I was
wrong; I've found that you protect them on purpose in mutt_protect().

Which makes me wonder: if you considered it good to protect them, why
not display them, as with the protected subject?  Did you forget?  What
good is a protected header that is not shown, nor validated?  Yeah, one
would be able to inspect the raw message to check if it contains the
headers, but meh.

So, we wouldn't need to add much to mutt(1).  If you want me to send the
patches, just let me know.

Have a lovely day!
Alex

-- 
<https://www.alejandro-colomar.es/>
