Re: [PATCH] emacs: change default for notmuch-crypto-process-mime to t

Date: Tue, 11 Jul 2017 19:01:42 -0400

To: Brian Sniffen

Cc: David Bremner, notmuch@freelists.org, notmuch@notmuchmail.org

From: Daniel Kahn Gillmor


On Mon 2017-07-10 20:48:40 -0400, Brian Sniffen wrote:
> Gpg is exposed to some zip bomb problems last I looked. But the worst
> that could do is fill your disk or crash your Emacs, right?  And I
> suspect the MIME library exposes similar issues in quantity.

Could you point to the zip bomb problem, Brian?  the quine (infinite
zipbomb) i think is limited by some sort of hard-coded depth constant.
are you referring to an infinite blowup, or "just" a finite expansion?

i agree that i expect GMime to be subject to finite expansions as well
(i haven't experimented with them though), but i think neither gpg nor
GMime should be subject to infinite expansion.

if you think otherwise, i'd be happy to read pointers.

thanks for raising this concern!

       --dkg
