Debian Bug report logs - #40435
lynx: takes privacy too seriously [NO_ANONYMOUS_EMAIL]
Reported by: Francesco Potorti` <F.Potorti@cnuce.cnr.it>
Date: Tue, 29 Jun 1999 15:48:00 UTC
Severity: normal
Tags: fixed-upstream
Fixed in version lynx/2.8.6-1
Done: warp@debian.org (Zephaniah E. Hull)
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, Christoph Martin <christoph.martin@uni-mainz.de>: Bug#40435; Package lynx-ssl.
Acknowledgement sent to Francesco Potorti` <F.Potorti@cnuce.cnr.it>: New bug report received and forwarded. Copy sent to Christoph Martin <christoph.martin@uni-mainz.de>.
Message #5 received at submit@bugs.debian.org:
Package: lynx-ssl
Version: 2.8.1-2
Severity: normal
When NO_FROM_HEADER is TRUE, as it is the default, no mail headers are
sent, even for comments explicitly sent by the user. This is not a
reasonable behaviour. That option should only be applied to From headers
sent in http requests, not to From headers in regular mail.
In my case, for example, I don't want my mail address to be sent to anyone
with every http request, but I do want it to be sent with a From: mail
header when I send comments, because the address that lynx builds is not
valid (well, it is, currently, but soon it will not be any more).
-- System Information
Debian Release: potato
Kernel Version: Linux pot 2.2.8 #2 Tue May 18 14:37:02 CEST 1999 i686 unknown
Versions of the packages lynx-ssl depends on:
ii libc6 2.1.1-12 GNU C Library: Shared libraries and timezone
ii libssl09 0.9.2b-3 SSL shared libraries
ii slang1 1.2.2-2.1 The S-Lang programming library - runtime ver
ii zlib1g 1.1.3-3 compression library - runtime
--- Begin /etc/lynx.cfg (modified conffile)
STARTFILE:http://www.cnuce.pi.cnr.it/
HELPFILE:file://localhost/usr/doc/lynx/lynx_help/lynx_help_main.html
DEFAULT_INDEX_FILE:http://www.ncsa.uiuc.edu/SDG/Software/Mosaic/MetaIndex.html
SAVE_SPACE:~/
LYNX_HOST_NAME:pot.cnuce.cnr.it
LOCALHOST_ALIAS:fly.cnuce.cnr.it
LOCAL_DOMAIN:cnuce.cnr.it
PREFERRED_LANGUAGE:en,it
URL_DOMAIN_PREFIXES:www.
URL_DOMAIN_SUFFIXES:.com,.it,.edu,.net,.org
DEFAULT_CACHE_SIZE:50
LOCAL_EXECUTION_LINKS_ALWAYS_ON:FALSE
LOCAL_EXECUTION_LINKS_ON_BUT_NOT_REMOTE:FALSE
TRUSTED_EXEC:none
ALWAYS_TRUSTED_EXEC:none
TRUSTED_LYNXCGI:none
MAIL_SYSTEM_ERROR_LOGGING:FALSE
CHECKMAIL:TRUE
NNTPSERVER:newsserver.unipi.it
NEWS_POSTING:TRUE
LYNX_SIG_FILE:.signature
USE_MOUSE:TRUE
SET_COOKIES:TRUE
DEFAULT_EDITOR:ae
PRINTER:Print to default printer:lpr %s:FALSE
PRINTER:Print to LWPiano1N:lpr -PLWPiano1N %s:FALSE
NO_DOT_FILES:FALSE
MINIMAL_COMMENTS:TRUE
ENABLE_SCROLLBACK:TRUE
GLOBAL_EXTENSION_MAP:/etc/mime.types
PERSONAL_EXTENSION_MAP:.mime.types
XLOADIMAGE_COMMAND:xv %s
VIEWER:application/postscript:gv %s&:XWINDOWS
VIEWER:image/gif:xv %s&:XWINDOWS
VIEWER:image/x-xbm:xv %s&:XWINDOWS
VIEWER:image/x-rgb:xv %s&:XWINDOWS
VIEWER:image/x-tiff:xv %s&:XWINDOWS
VIEWER:image/jpeg:xv %s&:XWINDOWS
VIEWER:video/mpeg:mpeg_play %s &:XWINDOWS
GLOBAL_MAILCAP:/etc/mailcap
PERSONAL_MAILCAP:.mailcap
COLOR:0:lightgray:black
COLOR:1:brightblue:black
COLOR:2:yellow:blue
COLOR:3:green:black
COLOR:4:magenta:black
COLOR:5:blue:black
COLOR:6:red:black
COLOR:7:magenta:cyan
EXTERNAL:ftp:wget %s &:TRUE
--- End /etc/lynx.cfg
Information forwarded to debian-bugs-dist@lists.debian.org, Christoph Martin <christoph.martin@uni-mainz.de>: Bug#40435; Package lynx-ssl.
Acknowledgement sent to Francesco Potorti` <F.Potorti@cnuce.cnr.it>: Extra info received and forwarded to list. Copy sent to Christoph Martin <christoph.martin@uni-mainz.de>.
Message #10 received at 40435@bugs.debian.org:
I was not precise in my bug report, because what I said was based on what
is written in the lynx.cfg and ~/.lynxrc files. I found no other docs on
this feature.
But experimenting leads me to think that's even worse than what I wrote,
because both calling lynx with the "-from" option and setting
NO_FROM_HEADERS:FALSE in /etc/lynx.conf produces no change: the mail
address set in the options and regularly stored in ~/.lynxrc is not used at
all.
Information forwarded to debian-bugs-dist@lists.debian.org, Christoph Martin <christoph.martin@uni-mainz.de>: Bug#40435; Package lynx-ssl.
Acknowledgement sent to Christoph Martin <martin@uni-mainz.de>: Extra info received and forwarded to list. Copy sent to Christoph Martin <christoph.martin@uni-mainz.de>.
Message #15 received at 40435@bugs.debian.org:
Francesco Potorti` writes:
> I was not precise in my bug report, because what I said was based on what
> is written in the lynx.cfg and ~/.lynxrc files. I found no other docs on
> this feature.
>
> But experimenting leads me to think that's even worse than what I wrote,
> because both calling lynx with the "-from" option and setting
> NO_FROM_HEADERS:FALSE in /etc/lynx.conf produces no change: the mail
> address set in the options and regularly stored in ~/.lynxrc is not used at
> all.
Did you find the same problem in lynx too? Then we should reassign it
to lynx.
Christoph
Information forwarded to debian-bugs-dist@lists.debian.org, Christoph Martin <christoph.martin@uni-mainz.de>: Bug#40435; Package lynx-ssl.
Acknowledgement sent to Francesco Potorti` <F.Potorti@cnuce.cnr.it>: Extra info received and forwarded to list. Copy sent to Christoph Martin <christoph.martin@uni-mainz.de>.
Message #20 received at 40435@bugs.debian.org:
> because both calling lynx with the "-from" option and setting
> NO_FROM_HEADERS:FALSE in /etc/lynx.conf produces no change: the mail
> address set in the options and regularly stored in ~/.lynxrc is not used at
> all.
Did you find the same problem in lynx too? Then we should reassign it
to lynx.
I installed lynx, and yes, it's the same with lynx.
Information forwarded to debian-bugs-dist@lists.debian.org, Christoph Martin <christoph.martin@uni-mainz.de>: Bug#40435; Package lynx-ssl.
Acknowledgement sent to Christoph Martin <martin@uni-mainz.de>: Extra info received and forwarded to list. Copy sent to Christoph Martin <christoph.martin@uni-mainz.de>.
Message #25 received at 40435@bugs.debian.org:
reassign 40435 lynx
quit
Francesco Potorti` writes:
> > because both calling lynx with the "-from" option and setting
> > NO_FROM_HEADERS:FALSE in /etc/lynx.conf produces no change: the mail
> > address set in the options and regularly stored in ~/.lynxrc is not used at
> > all.
>
> Did you find the same problem in lynx too? Then we should reassign it
> to lynx.
>
> I installed lynx, and yes, it's the same with lynx.
>
Bug reassigned from package `lynx-ssl' to `lynx'. Request was from Christoph Martin <martin@uni-mainz.de> to control@bugs.debian.org.
Information forwarded to debian-bugs-dist@lists.debian.org, Christian Hudon <chrish@debian.org>: Bug#40435; Package lynx.
Acknowledgement sent to Klaus Weide <kweide@enteract.com>: Extra info received and forwarded to list. Copy sent to Christian Hudon <chrish@debian.org>.
Message #32 received at 40435@bugs.debian.org:
Does any of this still apply to the lynx 2.8.2-1 package?
Klaus
Information forwarded to debian-bugs-dist@lists.debian.org, Christian Hudon <chrish@debian.org>: Bug#40435; Package lynx.
Acknowledgement sent to Klaus Weide <kweide@enteract.com>: Extra info received and forwarded to list. Copy sent to Christian Hudon <chrish@debian.org>.
Your message did not contain a Subject field. This is broken, I'm
afraid - the Subject: line is a Required Header according to RFC822.
Please remember to include a Subject field in your messages in future.
If you did so the fact that it got lost probably indicates a poorly
configured mail system at your site or an intervening one.
Message #37 received at 40435@bugs.debian.org:
Francesco Potorti` writes:
> because both calling lynx with the "-from" option and setting
> NO_FROM_HEADERS:FALSE in /etc/lynx.conf produces no change: the mail
> address set in the options and regularly stored in ~/.lynxrc is not used at
> all.
Ok, I found it's true that personal_mail isn't used for personal mail, in
2.8.1 and 2.8.2 versions. There was an upstream change between 2.8 and 2.8.1
in the default behavior. The comments in lynx.cfg, .lynxrc and possibly
elsewhere don't properly reflect this.
This is from 2.8 userdefs.h:
/********************************
* Don't let the user enter his/her email address when sending a message.
* Anonymous mail makes it far too easy for a user to spoof someone else's
* email address.
* This requires that your mailer agent put in the From: field for you.
*
* The default should be to uncomment this line but there probably are too
* many mail agents out there that won't do the right thing if there is no
* From: line.
*/
/* #define NO_ANONYMOUS_EMAIL TRUE */
This is from 2.8.1 userdefs.h:
/********************************
* Comment this line out to let the user enter his/her email address
* when sending a message. There should be no need to do this unless
* your mailer agent does not put in the From: field for you. (If your
* mailer agent does not automatically put in the From: field, you should
* upgrade, because anonymous mail makes it far too easy for a user to
* spoof someone else's email address.)
*/
#define NO_ANONYMOUS_EMAIL TRUE
Effectively, the personal_mail_address isn't passed in a "From:" header
to the /usr/sbin/sendmail -t -oi invocation for mailto: links and for
the 'c'omment key command. There is no "From:", sendmail is supposed to
fill it in. personal_mail_address may still be used for FORM mailto:
actions(!), for news postings, for the rarely used From HTTP header,
for the rarely used MAIL_SYSTEM_ERROR_LOGGING, and for suggesting a Cc:
for mail messages.
I guess it's up to the Debian maintainer to decide whether the Debian
package should revert back to the old default.
Klaus
Information forwarded to debian-bugs-dist@lists.debian.org, Christian Hudon <chrish@debian.org>: Bug#40435; Package lynx.
Acknowledgement sent to Francesco Potorti` <F.Potorti@cnuce.cnr.it>: Extra info received and forwarded to list. Copy sent to Christian Hudon <chrish@debian.org>.
Your message did not contain a Subject field. This is broken, I'm
afraid - the Subject: line is a Required Header according to RFC822.
Please remember to include a Subject field in your messages in future.
If you did so the fact that it got lost probably indicates a poorly
configured mail system at your site or an intervening one.
Message #42 received at 40435@bugs.debian.org:
Sorry for the delay.
This is from 2.8.1 userdefs.h:
/********************************
* Comment this line out to let the user enter his/her email address
* when sending a message. There should be no need to do this unless
* your mailer agent does not put in the From: field for you. (If your
* mailer agent does not automatically put in the From: field, you should
* upgrade, because anonymous mail makes it far too easy for a user to
* spoof someone else's email address.)
*/
#define NO_ANONYMOUS_EMAIL TRUE
If I am not wrong, no one should be worried about this. People can set their
From: header to whatever they like, but the MTA will add a Sender: line if
the user is not trusted. Moreover, the MTA will put an appropriate
envelope around the mail message.
On the other hand, preventing the user from adding a From: line is not a
good idea in any case. In most situations, the system cannot reasonably
guess the correct mail address of a user, like when one has dynamic IP
address, or when one is behind a firewall, or more simply when mail is popped
from a server, rather than being received directly via SMTP.
So I suggest that the above line in userdefs.h be commented out. It was a
bad idea to uncomment it in the first place.
Please forward this message to the lynx maintainer list if you see fit.
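A receiver-side check of the relationship described in the message above, as an added example that is not part of the original thread or of Lynx: it compares the author-supplied From: with the Sender: header and the Return-Path: envelope address. The sample messages, addresses and verdict names are constructed for illustration; whether a given MTA adds Sender: depends on its configuration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages as a receiving system might store them
# (addresses are placeholders, not taken from the bug log).
SAMPLES = {
    "mta_filled": (
        "Return-Path: <alice@host.example>\n"
        "From: alice@host.example\n"
        "Subject: comment\n\nbody\n"
    ),
    "user_from_marked": (
        "Return-Path: <alice@host.example>\n"
        "Sender: alice@host.example\n"
        "From: Alice <alice@mailbox.example>\n"
        "Subject: comment\n\nbody\n"
    ),
    "user_from_unmarked": (
        "Return-Path: <alice@host.example>\n"
        "From: Alice <alice@mailbox.example>\n"
        "Subject: comment\n\nbody\n"
    ),
    "no_from": (
        "Return-Path: <alice@host.example>\n"
        "Subject: comment\n\nbody\n"
    ),
}


def _addr(value):
    """Lower-cased addr-spec of a header value, or '' when the header is absent."""
    return parseaddr(value or "")[1].lower()


def classify(raw):
    """Compare the author-supplied From: with what the mail system recorded."""
    msg = message_from_string(raw)
    author = _addr(msg["From"])
    sender = _addr(msg["Sender"])
    envelope = _addr(msg["Return-Path"])
    if not author:
        return "missing-from"          # client sent none and no MTA added one
    submitter = sender or envelope     # prefer the explicit Sender: header
    if not submitter:
        return "unverifiable"          # nothing to compare From: against
    if author == submitter:
        return "consistent"
    # From: names a different mailbox than the submitting account.
    return "differs-sender-recorded" if sender else "differs-envelope-only"


def audit(samples):
    """Classify every sample and return {name: verdict}."""
    return {name: classify(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, verdict in audit(SAMPLES).items():
        print(f"{name:20} {verdict}")
```
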
Information forwarded to debian-bugs-dist@lists.debian.org, Christian Hudon <chrish@debian.org>: Bug#40435; Package lynx.
Acknowledgement sent to Klaus Weide <kweide@enteract.com>: Extra info received and forwarded to list. Copy sent to Christian Hudon <chrish@debian.org>.
Message #47 received at 40435@bugs.debian.org:
The below message refers to a problem with honoring or not honoring
the "Personal mail address", please read the previous conversation
under <http://www.debian.org/Bugs/db/40/40435.html> - especially
if you are the person responsible for the change of the
NO_ANONYMOUS_EMAIL default...
It seems to me Francesco is right, and the default should have not been
changed. But I think there was extensive and maybe heated discussion
about this in the past, which I didn't follow, I don't really want to
get into it now.
But whether the default stays as it is or not, something should be done.
- the behavior is inconsistent (sometimes the "personal mail address" is
used, and sometimes it isn't. (e.g. mailto: URL as form action vs. as
link)
- Documentation (including .lynxrc comment) doesn't reflect the change.
It seems to describe the non-default behavior.
- "Personal mail address" should not be offered on the 'O'ptions screen
as such if it isn't used as such.
As far as the Debian package is concerned, I see nothing wrong with
the Debian maintainer deviating from the default if he chooses so.
The reason for the lynx-dev default setting (if there is a good one)
may not apply to a Debian package (e.g. assuming all Debian MTAs behave
reasonably. And hopefully nobody would offer anonymous lynx guest logins
to the world using a binary package without careful examination.).
Klaus
---------- Forwarded message ----------
Date: Thu, 29 Jul 1999 18:23:21 +0200 (CEST)
From: Francesco Potorti` <F.Potorti@cnuce.cnr.it>
To: Klaus Weide <kweide@enteract.com>
Cc: 40435@bugs.debian.org
Sorry for the delay.
This is from 2.8.1 userdefs.h:
/********************************
* Comment this line out to let the user enter his/her email address
* when sending a message. There should be no need to do this unless
* your mailer agent does not put in the From: field for you. (If your
* mailer agent does not automatically put in the From: field, you should
* upgrade, because anonymous mail makes it far too easy for a user to
* spoof someone else's email address.)
*/
#define NO_ANONYMOUS_EMAIL TRUE
If I am not wrong, no one should be worried about this. People can set their
From: header to whatever they like, but the MTA will add a Sender: line if
the user is not trusted. Moreover, the MTA will put an appropriate
envelope around the mail message.
On the other hand, preventing the user from adding a From: line is not a
good idea in any case. In most situations, the system cannot reasonably
guess the correct mail address of a user, like when one has dynamic IP
address, or when one is behind a firewall, or more simply when mail is popped
from a server, rather than being received directly via SMTP.
So I suggest that the above line in userdefs.h be commented out. It was a
bad idea to uncomment it in the first place.
Please forward this message to the lynx maintainer list if you see fit.
Information forwarded to debian-bugs-dist@lists.debian.org, Christian Hudon <chrish@debian.org>: Bug#40435; Package lynx.
Acknowledgement sent to David Woolley <david@djwhome.demon.co.uk>: Extra info received and forwarded to list. Copy sent to Christian Hudon <chrish@debian.org>.
Message #52 received at 40435@bugs.debian.org:
> reasonably. And hopefully nobody would offer anonymous lynx guest logins
> to the world using a binary package without careful examination.).
That's a totally unreasonable assumption. The days of the technically
aware ISPs are long over. Most service providers these days are plug
and play operators at the technical level.
Changed Bug title. Request was from James Troup <james@nocrew.org> to control@bugs.debian.org.
Information forwarded to debian-bugs-dist@lists.debian.org, James Troup <james@nocrew.org>: Bug#40435; Package lynx.
Acknowledgement sent to dickey@his.com: Extra info received and forwarded to list. Copy sent to James Troup <james@nocrew.org>.
Message #59 received at 40435@bugs.debian.org:
The original bug report was mistaken: the NO_FROM_HEADER has never been used
in any context other than a test in HTLoadHTTP().
The related text on NO_ANONYMOUS_EMAIL has been obsolete since 2.8.3dev.22
(2000-03-12), when the #define in userdefs.h was commented-out.
--
Thomas E. Dickey <dickey@invisible-island.net>
http://invisible-island.net
ftp://invisible-island.net
Tags added: fixed-upstream
Request was from Thomas Dickey <dickey@his.com> to control@bugs.debian.org.
Reply sent to warp@debian.org (Zephaniah E. Hull): You have taken responsibility.
Notification sent to Francesco Potorti` <F.Potorti@cnuce.cnr.it>: Bug acknowledged by developer.
Message #66 received at 40435-close@bugs.debian.org:
Source: lynx
Source-Version: 2.8.6-1
We believe that the bug you reported is fixed in the latest version of
lynx, which is due to be installed in the Debian FTP archive:
lynx_2.8.6-1.diff.gz
to pool/main/l/lynx/lynx_2.8.6-1.diff.gz
lynx_2.8.6-1.dsc
to pool/main/l/lynx/lynx_2.8.6-1.dsc
lynx_2.8.6-1_amd64.deb
to pool/main/l/lynx/lynx_2.8.6-1_amd64.deb
lynx_2.8.6.orig.tar.gz
to pool/main/l/lynx/lynx_2.8.6.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 40435@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Zephaniah E. Hull <warp@debian.org> (supplier of updated lynx package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
Format: 1.7
Date: Tue, 01 May 2007 01:43:17 -0400
Source: lynx
Binary: lynx
Architecture: source amd64
Version: 2.8.6-1
Distribution: unstable
Urgency: low
Maintainer: Zephaniah E. Hull <warp@debian.org>
Changed-By: Zephaniah E. Hull <warp@debian.org>
Description:
lynx - Text-mode WWW Browser
Closes: 40435 67184 99400 120451 121520 132674 137480 141158 147287 152810 157088 171312 184482 188415 193205 204994 240237 244871 248092 252915 254515 265031 268264 271048 304989 313789 315853 318034 325478 343049 344275 374388 390918
Changes:
lynx (2.8.6-1) unstable; urgency=low
.
* Hijack the package. I might not be great at it, but I do use it daily.
* New upstream release.
Closes: #254515, #137480, #67184, #99400, #132674, #141158, #40435,
#120451, #157088, #204994, #244871, #248092, #268264, #271048, #318034,
#343049, #390918, #240237, #313789, #171312, #193205, #252915, #265031,
#121520, #152810, #188415, #344275, #374388, #184482, #315853
* Uses the new upstream defaults. Closes: #325478, #147287.
* Update 01_default-config.dpatch. (Offset changes only.)
* Update 02_default-key-bindings.dpatch. (Upstream formatting changes.)
* Kill 03_newer_gnutls.dpatch entirely.
This was fixed upstream. But this is also a GPL violation as we only ship
the patch to configure, and not to configure.in, the source file.
* Kill 04_CVE-2004-1617.dpatch. (Merged into upstream.)
* Disable 05_FTBFS_on_GNUHurd_and_GNUkBSD (Upstream changes, file new bug if
we FTBFS again.)
* Removed configure arguments:
--enable-8bit-toupper - Removed, no longer exists.
--enable-persistent-cookies - Enabled by default.
--enable-prettysrc - Enabled by default.
--enable-source-cache - Enabled by default.
--enable-read-eta - Enabled by default.
* Added configure arguments:
--enable-nsl-fork - fork NSL requests, allowing them to be aborted
--enable-justify-elts - use element-justification logic
* Update the contents and location of lynx.desktop. Closes: 304989.
* Other things will be handled by later uploads, patches welcome.
Files:
5f2a3005f67b144c6093ae875957d5fe 605 web optional lynx_2.8.6-1.dsc
2158041a3fdb5d094831da2c82cfcaba 3195728 web optional lynx_2.8.6.orig.tar.gz
24699d4e88618f94d9dd2b3e88ca41ef 15521 web optional lynx_2.8.6-1.diff.gz
e44c39690127312aa16149da5356ce4b 2010044 web optional lynx_2.8.6-1_amd64.deb
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 04 Jul 2007 07:52:00 GMT)
Last modified: Thu May 2 22:54:28 2024