block 950319 by 928037 thanks On Sat, Feb 01, 2020 at 08:21:20AM +0100, Frank Loeffler wrote: > in the mailcap is able to prevent shell escapes. This is why the replacing > program must be the one doing this. Thus, if any tool using mailcap does not > quote filenames properly and only relies on mailcap to do it for them, that > would be a (security) bug within that tool.
Yes, and what happens if the MUA does not do that? Then we would exchange a problem to an other? And given that the actual user base of LO will probably use more GUI MUAs than mutt I'd prefer if they keep working. > I agree that this is confusing. I commented on a related bug within mutt Indeed. > first, only later realizing that mutt actually does it the right way. > #928037 contains thoughts about this, including links to other threads, that > show the problem from a more or less neutral view. This is why #928037 > exists: the RFC is rather unhelpful and other documentation does not really > show users how those entries should be handled, right now. Let's wait what comes out of 928037 then... Regards, Rene
