> In an earlier discussion (possiby outside this bug), Magnus had stated his opinion, that ...
Sorry, I have many other duties and I'm really confused by all the discussions going on. Maybe we should jump onto a conference call or have an overview document or some such. I remember that I suggested to show signed HTML message as "simple HTML" by default, which AFAIK removes all CSS, with a big warning.
Frankly, and please excuse the ignorant comment, we also need to define what "signing" actually means. Does it mean that we guarantee that the message originates from the person it claims to originate from, or do we also need to ensure that it doesn't contain any malicious content? Why would people who's lives are at risk not revert to safe plaintext messages? Do we really need to bend backwards and eliminate every possible danger of using the "e-mail tool". Any tool has its dangers which can cause damage or death if used improperly. Again, I don't think Edward was using HTML mail in critical situations.
Bug 1530106 Comment 65 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
> In an earlier discussion (possiby outside this bug), Magnus had stated his opinion, that ... Sorry, I have many other duties and I'm really confused by all the discussions going on. Maybe we should jump onto a conference call or have an overview document or some such. I remember that I suggested to show signed HTML message as "simple HTML" by default, which AFAIK removes all CSS, with a big warning. Frankly, and please excuse the ignorant comment, we also need to define what "signing" actually means. Does it mean that we guarantee that the message originates from the person it claims to originate from, or do we also need to ensure that it doesn't contain any malicious content? Why would people who's lives are at risk not revert to safe plaintext messages? Do we really need to bend backwards and eliminate every possible danger of using the "e-mail tool". Any tool has its dangers which can cause damage or death if used improperly. Again, I don't think Edward was using HTML mail in critical situations. EDIT: That said: There's nothing wrong with making **signed** e-mail safer, along the lines of comment #0 point 2 iii: Remove CSS in replies.