HTML by default in KMail

Ralph Janke txwikinger at ubuntu.com
Fri Aug 6 15:42:53 BST 2010 

On 08/06/2010 09:47 AM, Scott Kitterman wrote:
> On Friday, August 06, 2010 06:42:54 am Myriam Schweingruber wrote:
>    
>> On Fri, Aug 6, 2010 at 12:28, Jonathan Riddell<jriddell at ubuntu.com>  wrote:
>>      
>>> At Akademy I queried the current and past KMail maintainers about HTML
>>> by default in e-mails.  They seemed to agree that it was a bit old
>>> fashioned to be keeping it off and agreed it would be fine to turn it
>>> on by default (in Kubuntu and upstream).  It seems unfriendly to me to
>>> show a message with most e-mails that the programme is hiding
>>> something from the user.
>>>
>>> KMail has large warnings in it's config box about security problems
>>> that might magically appear.  I can imagine it would help with
>>> phishing.  I could also imagine javascript security problems, although
>>> I'd hope javascript isn't allowed in Kmail e-mails I could be wrong.
>>>
>>> As someone who uses a terminal programme for my e-mail I doubt my
>>> opinion weights for much but I'd like to hear thoughts people have on
>>> the setting.
>>>        
>> I am strongly against turning it on. I don't see a valid reason to
>> turn it on btw, as the user always gets an option to allow displaying
>> of pictures/graphics for a particular sender. Also since half of the
>> mail I get during the day is spam and they tend to often send HTML, I
>> am very glad it is turned off by default.
>>
>> A Linux system is by default secure, enabling HTML is certainly not.
>>
>> Let the users who want to have it turn it on by themselves, but don't
>> do so by default. I would really hate it to see kmail users of the
>> future send html by default to mailing lists...
>>
>>
>> Regards, Myriam.
>>      
> I agree with this.  Yes, plain text by default may seem a bit old fashioned,
> but HTML by default opens a large number of additional code paths to potential
> exploits (and it appears to be very difficult to write secure HTML parsers).
>
> The system should default to a safe/secure configuration that users can change
> if they choose.
>
> Scott K
>
>    
+1

Ralph (txwikinger)

More information about the kubuntu-devel mailing list