From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from localhost (localhost [127.0.0.1]) by olra.theworths.org (Postfix) with ESMTP id CDD7A431FBD; Sat, 5 Dec 2009 14:49:05 -0800 (PST) X-Virus-Scanned: Debian amavisd-new at olra.theworths.org Received: from olra.theworths.org ([127.0.0.1]) by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id scJHdFuUxXin; Sat, 5 Dec 2009 14:49:04 -0800 (PST) Received: from yoom.home.cworth.org (localhost [127.0.0.1]) by olra.theworths.org (Postfix) with ESMTP id D8CFD431FAE; Sat, 5 Dec 2009 14:49:04 -0800 (PST) Received: by yoom.home.cworth.org (Postfix, from userid 1000) id 981002542FB; Sat, 5 Dec 2009 14:49:04 -0800 (PST) From: Carl Worth To: Marten Veldthuis , Michael Alan Dorman , notmuch@notmuchmail.org In-Reply-To: <87hbs5u7kh.fsf@home.veldthuis.com> References: <1259267025-28733-1-git-send-email-dottedmag@dottedmag.net> <1259788526-14205-1-git-send-email-dottedmag@dottedmag.net> <87zl5zfty5.fsf@yoom.home.cworth.org> <87k4x29732.wl%bremner@pivot.cs.unb.ca> <87bpiefwdq.fsf@yoom.home.cworth.org> <87aaxysjdj.fsf@vertex.dottedmag> <87aaxyfuz4.fsf@yoom.home.cworth.org> <20091204140946.644243f0@vimes.local> <87hbs6dzjd.fsf@yoom.home.cworth.org> <87hbs5u7kh.fsf@home.veldthuis.com> Date: Sat, 05 Dec 2009 14:48:55 -0800 Message-ID: <87zl5xca08.fsf@yoom.home.cworth.org> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha1; protocol="application/pgp-signature" Subject: Re: [PATCH (rebased)] Handle message renames in mail spool X-BeenThere: notmuch@notmuchmail.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: "Use and development of the notmuch mail system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 05 Dec 2009 22:49:06 -0000 --=-=-= Content-Transfer-Encoding: quoted-printable On Sat, 05 Dec 2009 09:51:58 +0100, Marten Veldthuis = wrote: > On Fri, 04 Dec 2009 16:39:50 -0800, Carl Worth wrote: > > But when viewing an actual message, I'm still planning on having notmuch > > just return an arbitrary filename from the list of filenames associated > > with that message. Does anyone see any problem with that? Can you think > > of a case where you'd really care about seeing one or the other of > > a particular duplicated message? >=20 > As long as it's deterministic. But if you don't display the first > filename received, couldn't you exploit this by spoofing message ids? What it currently does is use the filename of the first file that notmuch encounters. That's different than "first received", but either way, there's still a race condition here for active spoofing attempts. And, yes, actual intentional collisions of message IDs is something I hadn't given thought to yet. So thanks for bringing that up. It's definitely a case where you'd want to know and see the difference. So maybe what we really want to do is to display some full-context diff of the message by default, and have notmuch learn about differences the user isn't interested in seeing, (such as mailing-list footers or so). That sounds workable and should make any spoofing attempt obvious to the user. =2DCarl --=-=-= Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iD8DBQFLGuNY6JDdNq8qSWgRAtZaAJ9x0vy9l2NRNiVCMdlNt+8czC0BVQCcDRbW dpnezO8Ou8rUZ2a7Sl+kE5o= =Lqtp -----END PGP SIGNATURE----- --=-=-=--