https://bugs.kde.org/show_bug.cgi?id=67516
--- Comment #8 from kavol <[email protected]> --- (In reply to comment #5) > I've never seen such partial messages... great, and I've never had any music in MusePack or WavePack or some other formats that are supported by Qmmp - yet it hadn't prevented me from translating the respective plugins when I was working on Qmmp translation to Czech, and it doesn't prevent me from building these plugins (and resolving any build issues associated with them) when maintaining the Qmmp package in Fedora ... > Kavol, could you please post an example? no, because 10 MiB attachments are not allowed here (In reply to comment #7) > Yes, I remember and found some evidence that they are still produced by > recent Outlook versions. However, these days they seem to be mostly used for > obfuscating malware, because split up attachments can't be checked by > antivirus software. please do more research these days, they are *still* produced by multipurpose office machines when sending large emails (bix scans and faxes converted to emails) > The security problems are so large that even Exchange Server 2007 blocks > them, as well as Qmail and probably more mail servers and antivirus > software. Finally, US-CERT explicitely warns from automatically reassembling > the partial messages (https://www.kb.cert.org/vuls/id/836088) and proposes > rejecting partial messages. ahem, isn't this a bit incomplete? - US-CERT mentions blocking this type as one of *four* possible solutions ... btw, isn't a reference to a document that is more than ten years old a bit inappropriate when you are talking about "these days"? > So if some really stable code I'm just sad that kmail team hadn't demanded "really stable code" also when transitioning to Akonadi ... > with secure logics and a foolproof UI existed, > we might want to think about it. > But it doesn't, yes, this is the point of this RFE that we, the humble users, are asking you, the mighty developers, to write it ... btw, I really do not understand what do you mean by demanding a code that has its own UI? - kmail is *the* UI, what do you need is the backend which will compose the parts into one message ... as for the UI, you even have a solid basis in kmail for this - it could be the same like when kmail is asking about displaying html content or reading the external links > and the demand has been ceasing, [Citation needed] I still need this when receiving large attachments from our office machine; meanwhile, the number of people employed in the same office, thus using the same machine, has grown ... > so I think it's really not worth the hassle. > Therefore I'm marking this WONTFIX. hm, what would it take to reconsider? -- You are receiving this mail because: You are the assignee for the bug. _______________________________________________ Kdepim-bugs mailing list [email protected] https://mail.kde.org/mailman/listinfo/kdepim-bugs
