HTML by default in KMail
ubuntu at kitterman.com
Fri Aug 6 14:47:24 BST 2010
On Friday, August 06, 2010 06:42:54 am Myriam Schweingruber wrote:
> On Fri, Aug 6, 2010 at 12:28, Jonathan Riddell <jriddell at ubuntu.com> wrote:
> > At Akademy I queried the current and past KMail maintainers about HTML
> > by default in e-mails. They seemed to agree that it was a bit old
> > fashioned to be keeping it off and agreed it would be fine to turn it
> > on by default (in Kubuntu and upstream). It seems unfriendly to me to
> > show a message with most e-mails that the programme is hiding
> > something from the user.
> > KMail has large warnings in it's config box about security problems
> > that might magically appear. I can imagine it would help with
> > As someone who uses a terminal programme for my e-mail I doubt my
> > opinion weights for much but I'd like to hear thoughts people have on
> > the setting.
> I am strongly against turning it on. I don't see a valid reason to
> turn it on btw, as the user always gets an option to allow displaying
> of pictures/graphics for a particular sender. Also since half of the
> mail I get during the day is spam and they tend to often send HTML, I
> am very glad it is turned off by default.
> A Linux system is by default secure, enabling HTML is certainly not.
> Let the users who want to have it turn it on by themselves, but don't
> do so by default. I would really hate it to see kmail users of the
> future send html by default to mailing lists...
> Regards, Myriam.
I agree with this. Yes, plain text by default may seem a bit old fashioned,
but HTML by default opens a large number of additional code paths to potential
exploits (and it appears to be very difficult to write secure HTML parsers).
The system should default to a safe/secure configuration that users can change
if they choose.
More information about the kubuntu-devel