On Sun, 07 Jul 2002 10:16:15 -0700
Chuq Von Rospach <chuqui @
> That works. JC is thinking instead of neutering it in the list server.
Responding more to your para below than the quote above:
Yes, as a list owner I'm largely attempting to build and establish
something of a safe house. I would like, both at personal
responsibility level and as a point of professionalism, to have my
users know and trust that what they get from me and my systems is
exactly what it pretends to be, no more, no less, and with no hidden
baggage or less than shiny clean safe riders.
Idealistic? Damned right, especially in these days of rampant mail
forgery. But, its important to me and its something I'm not
particularly willing to back down on. I like to consider that I run
lists well, that I do so in a professional and competent manner, and
that in doing so I build and operate something that is worthy of trust
even outside of its topic-content. And that all means attempting to be
clever on user's behalf at the server level.
> I think at some point, however, you have to stop babysitting the user.
> Protecting them from dangerous code coming through the server is one
> thing. Privacy issues ought to be left to the user to resolve, not
> the server.
Unfortunately the line is not so clear. The innocuous HTML mail of
today with external links can be the pernicious mail of tomorrow by
simply changing the objects those links point at. This is especially
Unfortunately I expect you're right however, if only on the basis of
triage. We all know where it will end up. Some will (perhaps wisely)
ostrich and strip HTML et al far into the future, a vast middle ground
will attempt to sanitise mail and will thus engage in an arms race with
the Bad Guys as they both counter-counter-adapt to each other's tricks,
and the rest will just pass everything -- and the users, as always, will
J C Lawrence
---------(*) Satan, oscillate my metallic sonatas.
nu He lived as a devil, eh?
http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live.