[Vagrant Cascadian] Bug#759646: notmuch-emacs: switching mode= to invalid value sends unencrypted mail
David Edmondson
dme at dme.org
Mon Feb 8 09:52:01 PST 2016
[Raking over history...]
On Sat, Nov 29 2014, David Bremner wrote:
> David Edmondson <dme at dme.org> writes:
>
>> On Tue, Sep 02 2014, Tomi Ollila wrote:
>>> On Tue, Sep 02 2014, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
>>>
>>>> On 08/30/2014 03:37 AM, Jani Nikula wrote:
>>>>> I'm inclined to think this is a bug in message-mode.
>>>>
>>>> I agree it's a bug in message-mode, not in notmuch itself.
>>>
>>> I think it might be here:
>>>
>>> http://bzr.savannah.gnu.org/lh/emacs/emacs-24/annotate/head:/lisp/gnus/mml.el#L258
>>>
>>> (it takes time to load, please wait...)
>>>
>>> If cond does not match, then don't fail...
>>
>> This looks to have been fixed in emacs at the end of September 2014.
>
> Right, this fix was released in emacs 24.4
>
> I'm a little torn what to do here. On the one hand the upstream change
> fixes the bug as reported. On the other hand, if something corrupts the
> #secure tag (e.g., by deleting a letter), then the message is still sent
> un-uncrypted.
That's true, but it's undoubtedly an upstream bug rather than a
notmuch-emacs bug.
If we apply some heuristic workaround in notmuch, users of gnus (and
mu4e?) will still be vulnerable to the same problem. The right thing to
do is report (and fix) the bug upstream.
More information about the notmuch
mailing list