> [...]
> For the mail storage we can solve the privacy problem by setting
> the permissions for ~/Mail appropriately, but mhstore(1) seems to
> be the relevant point. If you set Nmh-Storage in the profile to
> store all files of to a central directory, which all users use,
> then Msg-Protect is relevant.
> I would like to have Msg-Protect removed, but I am not sure if we
> cut off valuable possibilities at the same time. Actually, the
> point is that my feeling is that I don't see far enough in this
> topic to be conviced of any decision.
> But I would say that we can remove it from everywhere except
> from mhstore(1), without problem.

I agree, that `chown 700 ~/Mail' is good enough to protect my email
from other non-root users on same computer.

But I do not see mhstore as anything special. Consider an analogy:

 - user launches her favorite browser and open her webmail. It's
   content is safe from other users (they can't ptrace browser, do
   they?). Browser + remote server is analogous to mmh + ~/Mail (700).

 - Now she downloads attachment from her webmail into ~/Downloads
   directory. It gets access permissions according to browser
   umask. This is analogous to mhstore.

 - Browser do not have any special configurations about downloads
   permissions. Why should mhstore?

If I store my files into shared directory, I understand what does it
means. If I do not like it, I store files into directory, where no one
have access to.


Reply via email to