over in id:87mug6kyyv....@fifthhorseman.net i started looking at the ways that notmuch sometimes synthesizes a message-id.
In previous discussions around it, (e.g. in NEWS about notmuch 0.17) it's assumed that the form of the message-id itself -- it starts with "notmuch-sha1-" -- should be sufficient to distinguish such a message from a non-synthesized messaage. But, a mail user agent is typically well-served by paranoia -- an external malicious party can of course generate a message myself with such a message-id (e.g. this message). The pattern that we've been gradually establishing is that when notmuch itself does some unusual processing on a specific message, it notes the fact of that processing in a property on the message object (cf notmuch-properties(7)). It would make sense to set such a property when synthesizing a message-id, i think. I don't have time to implement this myself right now, but i thought i'd record it here on the mailing list as a feature request. Maybe someone looking to cut their teeth on the notmuch codebase with a relatively well-defined task could suggest a patch? --dkg
signature.asc
Description: PGP signature
_______________________________________________ notmuch mailing list notmuch@notmuchmail.org https://notmuchmail.org/mailman/listinfo/notmuch