GNU bug report logs - #46472
Make lisp/mail/uce.el obsolete

Previous Next

Package: emacs;

Reported by: Stefan Kangas <stefan <at> marxist.se>

Date: Fri, 12 Feb 2021 21:59:02 UTC

Severity: normal

Tags: security

Fixed in version 29.1

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Stefan Kangas <stefan <at> marxist.se>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: 46472 <at> debbugs.gnu.org
Subject: bug#46472: Make lisp/mail/uce.el obsolete
Date: Sat, 13 Feb 2021 06:25:19 -0600

Eli Zaretskii <eliz <at> gnu.org> writes:

> What you say above was always true: replying to spam bears an inherent
> risk.  This didn't change in any way, so how will we justify
> obsoleting this package now?

I think the methods for dealing with spam has developed quite a bit
since 1996, so I'm not quite sure I follow this argument.  The
justification is that no one should waste time replying to spam; they
should use a spam filter.

If you are looking for strictly technical reasons for obsoleting it, of
course they exist too: Anyone that wants to reply to an email using
pre-written drafts can do so using skeleton, tempo, abbrev, etc.  Those
are better tools that cover this use-case.

> I don't think our personal opinions on which is or isn't useful
> practices are reasons good enough to make it harder for others to use
> those practices if they so wish.

Whether or not replying to spam is good or bad is not really a matter of
personal opinion; it is objectively bad.  You can find any number of
security and privacy experts that could explain why:

- You will confirm your email address is valid, ensuring you get more
  spam.

- Sender address is probably fake.  (For example, you might unwittingly
  participate in flooding someones mailbox.  The abuse <at> domain and
  postmaster <at> domain is also unlikely to be able to act on your reply.)

- You open yourself up to various kinds of social engineering.

- You might leak information (e.g. on your email server and setup).

Encouraging this bad practice by shipping uce.el puts unknowing users at
risk, and promotes a bad method of dealing with spam.  We should instead
discourage this bad practice by moving it to obsolete/.

> It isn't our prerogative to tell others what to do or not to do in
> these circumstances.

Anyone would of course still free to continue doing whatever they want
(for example by making a copy of the obsolete libary for their own use).

But I think we should be equally free to (strongly) recommend against
bad practices.
This bug report was last modified 3 years and 33 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.