On 12/9/2011 5:58 AM, Vladimir Panteleev wrote:
There are also some security considerations with attachments. We need to either have a separate subdomain for attachments, or forbid viewing them in the browser (which would mean that viewing non-whitelisted attachments, including HTML parts, would need to force a download). Gmail uses googleusercontent.com for attachments, for example.
I recommend ignoring attachments, including HTML ones. The current D archives ignores them, and it has never been an issue.
One reason is that with attachments people will tend to post their projects and bug reports to the n.g. rather than github (or equivalent) and bugzilla where they belong.
Another is to keep the posts readable by simple NNTP readers.
