From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Stefan Kangas Newsgroups: gmane.emacs.bugs Subject: bug#46472: Make lisp/mail/uce.el obsolete Date: Tue, 12 Oct 2021 10:29:16 -0700 Message-ID: References: <83im6we6v8.fsf@gnu.org> <83mtw8cbku.fsf@gnu.org> <83czoaqrjq.fsf@gnu.org> <83pmsap50e.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="14469"; mail-complaints-to="usenet@ciao.gmane.io" Cc: rgm@gnu.org, monnier@iro.umontreal.ca, 46472@debbugs.gnu.org To: Eli Zaretskii Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Tue Oct 12 19:30:53 2021 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1maLc5-0003VD-Bp for geb-bug-gnu-emacs@m.gmane-mx.org; Tue, 12 Oct 2021 19:30:53 +0200 Original-Received: from localhost ([::1]:33164 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1maLc3-0000Lv-Cb for geb-bug-gnu-emacs@m.gmane-mx.org; Tue, 12 Oct 2021 13:30:51 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:54752) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1maLbH-0008HM-3Z for bug-gnu-emacs@gnu.org; Tue, 12 Oct 2021 13:30:03 -0400 Original-Received: from debbugs.gnu.org ([209.51.188.43]:40762) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1maLbG-0008DP-QU for bug-gnu-emacs@gnu.org; Tue, 12 Oct 2021 13:30:02 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1maLbG-0000VG-Lt for bug-gnu-emacs@gnu.org; Tue, 12 Oct 2021 13:30:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Stefan Kangas Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Tue, 12 Oct 2021 17:30:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 46472 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: security Original-Received: via spool by 46472-submit@debbugs.gnu.org id=B46472.16340597721821 (code B ref 46472); Tue, 12 Oct 2021 17:30:02 +0000 Original-Received: (at 46472) by debbugs.gnu.org; 12 Oct 2021 17:29:32 +0000 Original-Received: from localhost ([127.0.0.1]:52294 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1maLae-0000Sx-BI for submit@debbugs.gnu.org; Tue, 12 Oct 2021 13:29:32 -0400 Original-Received: from mail-pf1-f173.google.com ([209.85.210.173]:37773) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1maLac-0000Sb-Br for 46472@debbugs.gnu.org; Tue, 12 Oct 2021 13:29:23 -0400 Original-Received: by mail-pf1-f173.google.com with SMTP id q19so169859pfl.4 for <46472@debbugs.gnu.org>; Tue, 12 Oct 2021 10:29:22 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:in-reply-to:references:mime-version:date :message-id:subject:to:cc; bh=KRX21KIRVUjzkpvVkygKWNQ8DTlXbFYZKpppg8m2ExI=; b=lqKJodhGOucDgjUEDmqVCMS7FShbQNZAUdMcKc8/KhJ/9LoTJidP3S3wjLip9Scf8Y CgmJjxh0T67ve0VGdjWRmK0aZQ1AgZmCxrVN6qTZ4dL0n4ipD33GSXOWWGui5y/Ol54z izzHnMGB66gOr8Je1m97wBb3Dke6rIR3xgUX8r55boh4R/poGbT+p5P1tzePG0/l9NqB HQwj4rgke9pKg6jQrxFHT28LIFgfiVqum9JvxIRfFfFMORcYfZLxhJ4zY3dr6s0Saw52 cvDnLDIrKiCI3HYYxZml7dO+wNddVv0nTe0Zu6kbHyVNvF7Wbk1ti8MFbewlWyYOUaVn lxZQ== X-Gm-Message-State: AOAM533FMLldbPq3Ukoho4MLS7gOTCulLRuYY9fS6VRXMp1gi/mGpaSS LldBm0Bb9O0/n5a7/xy+8uk3MUI3J+fN4IqE75He1E6X X-Google-Smtp-Source: ABdhPJygknspJrnQY3hXSPNtewQ3jtZjV4Cv1eTcFiIZlQwlhAvanOEuB85vFOw8QHFvqI11IWxXZhjgQ1JZ4Gz7vuM= X-Received: by 2002:a05:6a00:1586:b0:447:b30c:4a65 with SMTP id u6-20020a056a00158600b00447b30c4a65mr32726004pfk.0.1634059756749; Tue, 12 Oct 2021 10:29:16 -0700 (PDT) Original-Received: from 753933720722 named unknown by gmailapi.google.com with HTTPREST; Tue, 12 Oct 2021 10:29:16 -0700 In-Reply-To: <83pmsap50e.fsf@gnu.org> X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.io gmane.emacs.bugs:217065 Archived-At: Eli Zaretskii writes: >> I'd suggest installing the change as attached on emacs-28. If that's >> not possible, I'd like to install it on master, but add the same text to >> the package "Commentary" section on emacs-28. > > On master, please. It is really unfortunate if we can't even document serious security and privacy issues in Emacs 28 at this point. I do not see how such documentation could possibly affect the release date. > And I don't see why have the same text twice. I removed the duplicates in the new patch. Did I send the wrong patch? Or maybe my suggestion was not clear: - Emacs 28: Documentation changes only. Do not merge to master. - Emacs 29: Warning only, no documentation changes. >> +- You will confirm that your email address is valid, thus ensuring >> + you get more spam. >> + >> +- You will leak information (e.g. on your email server and >> + setup), thus opening yourself up for further attack. They are >> + likely to find your IP and \"geolocation\"), which often makes >> + it trivial to find e.g. your home address and phone number. > > The first paragraph is a special case of the second one. Yes, it is also the one that immediately shows why this is counter-productive, so it is worth making into its own item. >> +- You confirm that the email did not land in your spam folder. >> + (This helps them refine their methods of spamming.) > > This is also the same as what you already said. It is subtly different: 1. Spammers can use the information that your address is valid. 2. They can also use the information that their email has been crafted in such a way that they can evade some spam filters. >> +- Scammers have been known to threaten, intimidate, and use other >> + forms of criminal manipulation. Replying to spam can lead down >> + a path that you may not want to be on. > > This is the same as "open yourself to ..." paragraph. It is hammering home the point to a certain extent, sure. I think it is motivated and useful. There is no specific reason to keep this text very brief: it is much more important that it accurately conveys the dangers involved.