On Wed, Oct 01, 2003 at 07:02:00PM -0700, bear wrote: > > Heh. You looked at my mail headers, didn't you? Yes, I use pine - > primarily *because* of that property. It treats all incoming messages > as text rather than live code. > > A protocol for text (as opposed to live code) requires compliant > clients (ie, clients that don't do anything other than display the > recieved messages). As such, it's at least somewhat a social issue.
While I agree that text is far safer than html or a .exe, do you run Pine on a dumb terminal, or in a window? If the latter, escape sequences which most folks would class as "text" can lead to remote compromise. There have been occasional bugs in terminal emulators, in X and others. TERM=vt100 is in some sense defining an interpreted programming language, albeit a limited one. That absolute safety is impossible does not excuse software from our favorite vendor whose security model is all but impossible to fathom, so I'm not at all disagreeing with your point. I use Mutt. -- Barney Wolff http://www.databus.com/bwresume.pdf I'm available by contract or FT, in the NYC metro area or via the 'Net. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
