[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: mutt no longer in non-us?

Joseph Carter wrote:
> The software provides configuration file options which allow you to run
> any arbitrary program through standard functions used for running any and
> every program on the system and captures the results.  This does not
> constitute hooks for encryption, though it arguably would if mutt were
> somehow linked with some library which provided cryptography functions.

Quoting a small fraction of 3.3 thousand lines of mutt code that constitue the
interface to gpg/pgp:

  snprintf(cmd, sizeof(cmd),
             "%s%s --no-verbose -v --batch  -o - "
             "--digest-algo %s "
             "--encrypt%s --textmode --armor --always-trust %s%s",
             sign? " --passphrase-fd 0":"",
             sign? " --sign":"",
             PgpSignAs? "-u " : "",
             PgpSignAs? PgpSignAs : "" );

This goes well beyond running an arbitrary program. There is a large
difference of degree between three thousand lines of code like this this and
bash's generic exec() of a passed command.

I still think mutt belongs in non-US. Why are people so opposed to putting
it there? Putting a program like this in non-US just points out that the US
government's laws are so brain-dead that they consider a mail reader a
munition, thus raising public awareness of the problem. It doesn't
inconvenience Debian much at all.

The Debian mutt package also continues to ignore the wishes of mutt's
upstream authors, who do belive mutt contains crypto hooks, and who only
make the version available from outside the US for that reason.

I think that Debian should obey the wishes of upstream authors whenever it
is at all possible, and *must* comply with all local laws, however

see shy jo

Reply to: