From: Eli Zaretskii <eliz@gnu.org>
To: Yuri Khan <yuri.v.khan@gmail.com>
Cc: stefankangas@gmail.com, rms@gnu.org, philipk@posteo.net,
akib@disroot.org, emacs-devel@gnu.org, monnier@iro.umontreal.ca
Subject: Re: Never send user email address in HTTP requests
Date: Sun, 17 Dec 2023 16:44:46 +0200 [thread overview]
Message-ID: <83edfkkhwh.fsf@gnu.org> (raw)
In-Reply-To: <CAP_d_8U9FZ3qK2Gj-dNJ9m5Hffk-AZ1DAhkp32DLqCq3Xz5Zow@mail.gmail.com> (message from Yuri Khan on Sun, 17 Dec 2023 21:05:00 +0700)
> From: Yuri Khan <yuri.v.khan@gmail.com>
> Date: Sun, 17 Dec 2023 21:05:00 +0700
> Cc: Stefan Kangas <stefankangas@gmail.com>, rms@gnu.org, philipk@posteo.net,
> akib@disroot.org, emacs-devel@gnu.org, monnier@iro.umontreal.ca
>
> On Sun, 17 Dec 2023 at 19:36, Eli Zaretskii <eliz@gnu.org> wrote:
>
> > Sorry, but I disagree. Emacs should not second-guess the users, and
> > should certainly NOT force them into what we consider to be the secure
> > environment. It is okay to behave securely by default, but if someone
> > wants to be insecure, for whatever reasons, we should let them have
> > the old, insecure behavior. Certainly when we first change the
> > default, since there's a possibility that something will break for
> > someone due to this change, and we need to let users have a fire
> > escape in those cases, until we get our act together in the next
> > release.
>
> The header in question, From, is governed by RFC 9110 § 10.1.2[0], which says:
Thanks, but this isn't relevant to the issue at hand.
> It is good that the default value of ‘url-privacy-level’ is (email),
> preventing the leak by default, but there is no reason to make it
> possible to configure url.el to leak it with every request made from
> Emacs. If you’re running a spider and also just browsing the Web with
> EWW, you probably only want requests from your spider to be attributed
> to you as the spider maintainer.
I remain convinced that we should allow users who actively want that
to make their Emacs behave against any RFCs, when Emacs has been
behaving like that for many years until now.
next prev parent reply other threads:[~2023-12-17 14:44 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-16 2:04 Making package.el talk over Tor Richard Stallman
2023-10-16 6:54 ` Akib Azmain Turja
2023-10-16 7:10 ` Emanuel Berg
2023-10-18 1:42 ` Richard Stallman
2023-11-17 3:53 ` Richard Stallman
2023-11-17 7:03 ` Philip Kaludercic
2023-11-19 3:39 ` Richard Stallman
2023-11-19 6:17 ` Eli Zaretskii
2023-12-09 4:06 ` Richard Stallman
2023-12-09 7:40 ` Eli Zaretskii
2023-12-13 4:58 ` Richard Stallman
2023-12-14 12:25 ` Philip Kaludercic
2023-12-17 3:21 ` Richard Stallman
2023-12-18 4:12 ` Richard Stallman
2023-12-18 8:05 ` Tomas Hlavaty
2023-12-18 8:10 ` Tomas Hlavaty
2023-12-21 4:20 ` Richard Stallman
2023-12-21 9:52 ` Philip Kaludercic
2023-12-21 9:55 ` Philip Kaludercic
2023-12-21 19:15 ` Tomas Hlavaty
2023-12-24 3:57 ` Richard Stallman
2023-12-24 13:36 ` Tomas Hlavaty
2023-12-24 15:19 ` Philip Kaludercic
2023-12-24 20:37 ` Tomas Hlavaty
2023-12-14 12:41 ` Philip Kaludercic
2023-12-14 12:54 ` Emanuel Berg
2023-12-14 13:06 ` Emanuel Berg
2023-12-17 3:21 ` Richard Stallman
2023-12-17 8:23 ` Stefan Kangas
2023-12-17 9:12 ` Eli Zaretskii
2023-12-17 12:02 ` Never send user email address in HTTP requests Stefan Kangas
2023-12-17 12:34 ` Eli Zaretskii
2023-12-17 14:05 ` Yuri Khan
2023-12-17 14:44 ` Eli Zaretskii [this message]
2023-12-17 17:30 ` T.V Raman
2023-12-19 3:51 ` Richard Stallman
2023-12-19 3:53 ` Making package.el talk over Tor Richard Stallman
2023-12-17 11:51 ` Philip Kaludercic
2023-12-17 14:10 ` Yuri Khan
2023-12-19 3:51 ` Richard Stallman
2023-12-19 3:52 ` Richard Stallman
2023-12-19 3:52 ` Richard Stallman
2023-11-18 3:03 ` Richard Stallman
2023-11-18 7:21 ` Eli Zaretskii
2023-11-21 2:39 ` Richard Stallman
2023-10-16 7:12 ` Stefan Kangas
2023-10-16 9:15 ` Philip Kaludercic
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=83edfkkhwh.fsf@gnu.org \
--to=eliz@gnu.org \
--cc=akib@disroot.org \
--cc=emacs-devel@gnu.org \
--cc=monnier@iro.umontreal.ca \
--cc=philipk@posteo.net \
--cc=rms@gnu.org \
--cc=stefankangas@gmail.com \
--cc=yuri.v.khan@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).