Roundup Tracker - Issues


Author ber
Recipients ber, ezio.melotti, rouilj, schlatterbeck
Date 2015-01-05.15:50:37
Message-id <>
There have been discussions on this on December 2014 on the devel ml.

Ralf wrote in the end:
So we should
- check for valid mime-types on incoming attachments (either via
  web-interface or via mail)
  Can be realized as an auditor so that users can change the policy
  here. We should only rewrite clearly invalid mime-types at that point.
- have a whitelist of attachments that can safely be shipped to the
  browser. All mime-types not in the whitelist are shipped as
  application/octet-stream. My tests indicate that browsers will not
  display these attachments with this content-type, they only offer to
  download the file. The original code by Richard attempted this but
  failed on invalid mime-types for reasons indicated above.

I think the hardest part is coming up with a decent whitelist that
doesn't miss too many content-types in use out there.
But users can reconfigure the whitelist (and give feedback) so we can
converge to something usable.

Should be make seperate issues out of this?
Date User Action Args
2015-01-05 15:50:38bersetmessageid: <>
2015-01-05 15:50:38bersetrecipients: + ber, schlatterbeck, rouilj, ezio.melotti
2015-01-05 15:50:38berlinkissue2550848 messages
2015-01-05 15:50:37bercreate