[Bug 1517446] [NEW] Please add multipart/signed to DEFAULT_PASS_MIME_TYPES
Public bug reported: Mailman tarballs contain a Defaults.py file with this configuration: DEFAULT_PASS_MIME_TYPES = ['multipart/mixed','multipart/alternative','text/plain'] NOTE: I don't know how this file is generated, I found it on the tarballs but not on the repository So, when someone enables filtering on a mailing list by mime-type, the default is to filter all emails not matching any of those 3 mime-types. This list of default mime types allowed misses to include "multipart/signed". Therefore, this is unfortunately filtering any "multipart/signed" emails. "multipart/signed" is defined on RFC 3156 https://tools.ietf.org/html/rfc3156 and is the recommended way of signing mails with GPG. See http://wiki.gnupg.org/SignatureHandling The proposed change is to modify that default configuration to: DEFAULT_PASS_MIME_TYPES = ['multipart/mixed', 'multipart/alternative', 'multipart/signed', 'text/plain', ] This default causes trouble to people that signs their mails with GPG. I already had problems due to this default on the Alioth Debian mailing lists and on the WebKit mailing lists because the admin enabled filtering by mime-type and didn't changed the default. Please, change this default by adding at least 'multipart/signed' to the list of types allowed. ** Affects: mailman Importance: Undecided Status: New -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1517446 Title: Please add multipart/signed to DEFAULT_PASS_MIME_TYPES To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1517446/+subscriptions
The proposed change is to modify that default configuration to:
DEFAULT_PASS_MIME_TYPES = ['multipart/mixed', 'multipart/alternative', 'multipart/signed', 'text/plain', ]
I mean: DEFAULT_PASS_MIME_TYPES = ['multipart/mixed', 'multipart/alternative', 'multipart/signed', 'text/plain' ] -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1517446 Title: Please add multipart/signed to DEFAULT_PASS_MIME_TYPES To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1517446/+subscriptions
The tarballs we distribute do not contain Mailman/Defaults.py. They and the lp:mailman/2.1 branch contain only Mailman/Defaults.py.in. Mailman/Defaults.py is generated by configure by applying various configure options and defaults to Mailman/Defaults.py.in. Also, in Python, DEFAULT_PASS_MIME_TYPES = ['multipart/mixed', 'multipart/alternative', 'multipart/signed', 'text/plain', ] and DEFAULT_PASS_MIME_TYPES = ['multipart/mixed', 'multipart/alternative', 'multipart/signed', 'text/plain' ] (without the last comma) are equivalent. Now, as far as the actual bug is concerned, I am unsure as to the best default for pass_mime_types. I agree that various multipart subtypes such as multipart/related and multipart/signed should be accepted so their text/plain sub-parts will be accepted. To this end, I think at a minimum we should have DEFAULT_PASS_MIME_TYPES = ['multipart', 'text/plain'] to accept any text/plain subparts of any multipart type, but this brings up other questions. Namely, should we accept message/rfc822 parts to ultimately accept text/plain parts from attached (forwarded or ?) messages, and if we are accepting multipart/signed, should we also accept the actual signature. For the former, I think the answer is yes. The latter is more complicated because application/pkcs7-signature parts are binary so in the spirit of only accepting text/plain, perhaps we should only accept application/pgp-signature signature parts. I'm tending towards DEFAULT_PASS_MIME_TYPES = ['multipart', 'message/rfc822', 'text/plain', 'application/pgp-signature'] but I'm continuing to think about it. ** Changed in: mailman Importance: Undecided => Low ** Changed in: mailman Status: New => In Progress ** Changed in: mailman Milestone: None => 2.1.21 ** Changed in: mailman Assignee: (unassigned) => Mark Sapiro (msapiro) -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1517446 Title: Please add multipart/signed to DEFAULT_PASS_MIME_TYPES To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1517446/+subscriptions
** Branch linked: lp:mailman/2.1 -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1517446 Title: Please add multipart/signed to DEFAULT_PASS_MIME_TYPES To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1517446/+subscriptions
** Changed in: mailman Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1517446 Title: Please add multipart/signed to DEFAULT_PASS_MIME_TYPES To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1517446/+subscriptions
** Changed in: mailman Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1517446 Title: Please add multipart/signed to DEFAULT_PASS_MIME_TYPES To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1517446/+subscriptions
participants (3)
-
carloslp -
Launchpad Bug Tracker
-
Mark Sapiro