GNU bug report logs - #58171
29.0.50; Change gnus-user-agent to nil by default


Package: emacs

Reported by: Stefan Kangas <stefankangas <at> gmail.com>

Date: Thu, 29 Sep 2022 16:46:02 UTC

Severity: wishlist

Tags: wontfix

Found in version 29.0.50

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.



Report forwarded to bug-gnu-emacs <at> gnu.org:
bug#58171; Package emacs. (Thu, 29 Sep 2022 16:46:02 GMT)

Acknowledgement sent to Stefan Kangas <stefankangas <at> gmail.com>:
New bug report received and forwarded. Copy sent to bug-gnu-emacs <at> gnu.org. (Thu, 29 Sep 2022 16:46:02 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: Stefan Kangas <stefankangas <at> gmail.com>
To: bug-gnu-emacs <at> gnu.org
Subject: 29.0.50; Change gnus-user-agent to nil by default
Date: Thu, 29 Sep 2022 09:45:21 -0700
Severity: wishlist

This is a proposal to set `gnus-user-agent' to non-nil by default.

To save some typing, I'll just quote what Daniel Kahn Gillmor said when
they made this change in notmuch back in 2016:

> The User-Agent: header can be fun and interesting, but it also leaks
> quite a bit of information about the user and their software stack.
>
> This represents a potential security risk (attackers can target the
> particular stack) and also an anonymity risk (a user trying to
> preserve their anonymity by sending mail from a non-associated account
> might reveal quite a lot of information if their choice of mail user
> agent is exposed).
>
> It makes sense to have safer defaults.

https://notmuchmail.org/pipermail/notmuch/2016/022789.html




Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#58171; Package emacs. (Thu, 29 Sep 2022 17:06:02 GMT)

Message #8 received at 58171 <at> debbugs.gnu.org:

From: Stefan Kangas <stefankangas <at> gmail.com>
To: 58171 <at> debbugs.gnu.org
Subject: Re: bug#58171: 29.0.50; Change gnus-user-agent to nil by default
Date: Thu, 29 Sep 2022 10:05:05 -0700

Stefan Kangas <stefankangas <at> gmail.com> writes:

> This is a proposal to set `gnus-user-agent' to non-nil by default.
                                                 ^^^^^^^

Should be "nil", of course, as in the subject.




Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#58171; Package emacs. (Fri, 30 Sep 2022 13:38:02 GMT)

Message #11 received at 58171 <at> debbugs.gnu.org:

From: Lars Ingebrigtsen <larsi <at> gnus.org>
To: Stefan Kangas <stefankangas <at> gmail.com>
Cc: 58171 <at> debbugs.gnu.org
Subject: Re: bug#58171: 29.0.50; Change gnus-user-agent to nil by default
Date: Fri, 30 Sep 2022 15:37:26 +0200

Stefan Kangas <stefankangas <at> gmail.com> writes:

> To save some typing, I'll just quote what Daniel Kahn Gillmor said when
> they made this change in notmuch back in 2016:
>
>> The User-Agent: header can be fun and interesting, but it also leaks
>> quite a bit of information about the user and their software stack.
>>
>> This represents a potential security risk (attackers can target the
>> particular stack) and also an anonymity risk (a user trying to
>> preserve their anonymity by sending mail from a non-associated account
>> might reveal quite a lot of information if their choice of mail user
>> agent is exposed).
>>
>> It makes sense to have safer defaults.

I think in the case of Gnus, defaulting this header to nil would just be
security theatre -- there are so many distinctive features in how
Gnus/Message formats messages that anybody can tell that it's from Emacs
even without that header.

So I don't think it makes sense to do this, and I'm closing this bug
report.




Added tag(s) wontfix. Request was from Lars Ingebrigtsen <larsi <at> gnus.org> to control <at> debbugs.gnu.org. (Fri, 30 Sep 2022 13:38:02 GMT)

bug closed, send any further explanations to 58171 <at> debbugs.gnu.org and Stefan Kangas <stefankangas <at> gmail.com> Request was from Lars Ingebrigtsen <larsi <at> gnus.org> to control <at> debbugs.gnu.org. (Fri, 30 Sep 2022 13:38:03 GMT)

Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#58171; Package emacs. (Fri, 30 Sep 2022 13:54:01 GMT)

Message #18 received at 58171 <at> debbugs.gnu.org:

From: Stefan Kangas <stefankangas <at> gmail.com>
To: Lars Ingebrigtsen <larsi <at> gnus.org>
Cc: 58171 <at> debbugs.gnu.org
Subject: Re: bug#58171: 29.0.50; Change gnus-user-agent to nil by default
Date: Fri, 30 Sep 2022 15:53:37 +0200

Lars Ingebrigtsen <larsi <at> gnus.org> writes:

> I think in the case of Gnus, defaulting this header to nil would just be
> security theatre -- there are so many distinctive features in how
> Gnus/Message formats messages that anybody can tell that it's from Emacs
> even without that header.

For me, the greater concern is anonymity/privacy, where I do think
it's better to be less specific.

How about removing just the Emacs version?  If you announce "29.0.50",
only very few people will be running that version at any given time,
certainly fewer than are running the releases.




Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#58171; Package emacs. (Fri, 30 Sep 2022 14:03:01 GMT)

Message #21 received at 58171 <at> debbugs.gnu.org:

From: Lars Ingebrigtsen <larsi <at> gnus.org>
To: Stefan Kangas <stefankangas <at> gmail.com>
Cc: 58171 <at> debbugs.gnu.org
Subject: Re: bug#58171: 29.0.50; Change gnus-user-agent to nil by default
Date: Fri, 30 Sep 2022 16:02:38 +0200

Stefan Kangas <stefankangas <at> gmail.com> writes:

> How about removing just the Emacs version?  If you announce "29.0.50",
> only very few people will be running that version at any given time,
> certainly fewer than are running the releases.

That's a good point.  I've now removed the `type' and `emacs' from the
default value.




bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Sat, 29 Oct 2022 11:24:08 GMT)
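
Added example, not part of the bug report or of Emacs: a Python check a user can run over a saved copy of their own outgoing mail to list what the software headers disclose, with and without the Emacs version and system type discussed in the thread. The sample messages and the User-Agent layout are constructed for illustration, and the development-build heuristic is an assumption.

```python
import re
from email import message_from_string

# Constructed sample messages (not taken from the bug report). The header
# uses the common "product/version (comment)" User-Agent layout.
BEFORE = """\
From: user@example.org
To: list@example.org
Subject: test
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/29.0.50 (gnu/linux)

body
"""
# Same message with the Emacs version and system type left out.
AFTER = BEFORE.replace(" Emacs/29.0.50 (gnu/linux)", "")

# Headers that commonly name the sending software.
SOFTWARE_HEADERS = ("User-Agent", "X-Mailer", "X-Newsreader")
# Either a product/version token or a parenthesised comment.
TOKEN = re.compile(r"([A-Za-z][\w.+-]*)/(\S+)|\(([^)]*)\)")


def disclosed(raw):
    """Return (header, kind, value) for each detail the headers reveal."""
    msg = message_from_string(raw)
    found = []
    for header in SOFTWARE_HEADERS:
        for value in msg.get_all(header, []):
            for product, version, comment in TOKEN.findall(value):
                if product:
                    found.append((header, "product", f"{product} {version}"))
                else:
                    found.append((header, "comment", comment))
    return found


def is_development_build(version):
    """Assumed heuristic: a three-part version whose last part is 50 or
    higher (such as 29.0.50) is a snapshot that few people run."""
    parts = version.split(".")
    return len(parts) == 3 and parts[-1].isdigit() and int(parts[-1]) >= 50


if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, disclosed(raw))
```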
