Re: [Evolution-hackers] Moving EExtension to libedataserver

2011-09-12 Thread Milan Crha
On Fri, 2011-09-09 at 22:18 -0400, Matthew Barnes wrote: I got this working today. Would anyone object if I create the gnome-3-2 branch early next week so I can commit this for 3.3.1 and then rebase my account-mgmt branch on it? Hi, I wouldn't do that, as it doubles work for

[Evolution-hackers] CVE-2011-3201 Issue in evolution

2011-09-12 Thread Vibha Yadav
Hi All, I just came across the bug https://bugzilla.redhat.com/show_bug.cgi?id=733504 , CVE-2011-3201 evolution: mailto: attachment parameter can lead to accidental data exfiltration. Going ahead with the blacklist approach in https://bugzilla.redhat.com/show_bug.cgi?id=733504#c8, I am attaching

Re: [Evolution-hackers] Moving EExtension to libedataserver

2011-09-12 Thread Christian Hilberg
Hi all, Am Montag 12 September 2011, um 09:57:26 schrieb Milan Crha: On Fri, 2011-09-09 at 22:18 -0400, Matthew Barnes wrote: I got this working today. Would anyone object if I create the gnome-3-2 branch early next week so I can commit this for 3.3.1 and then rebase my account-mgmt

Re: [Evolution-hackers] Moving EExtension to libedataserver

2011-09-12 Thread Christian Hilberg
Hi there, just one bit of nitpicking: Am Mittwoch 07 September 2011, um 19:07:20 schrieb Matthew Barnes: [...] The EExtension framework was introduced in Evolution 2.30 as part of the Shouldn't that read 2.32? At least, the wiki

Re: [Evolution-hackers] Moving EExtension to libedataserver

2011-09-12 Thread Christian Hilberg
Hi again, Am Mittwoch 07 September 2011, um 19:07:20 schrieb Matthew Barnes: [...] The API is already fully documented and our wiki has usage instructions for it: http://live.gnome.org/Evolution/Extensions Is the list of EExtensible-tagged classes listed at the end of the wiki

Re: [Evolution-hackers] Moving EExtension to libedataserver

2011-09-12 Thread Christian Hilberg
Hi, I hope I've got the reference right... Am Mittwoch 07 September 2011, um 19:07:20 schrieb Matthew Barnes: [...] I'm going to need EExtension for the new D-Bus service I talked about recently [1] anyway, so it makes sense to get this part merged early. Kind regards, Christian

[Evolution-hackers] Evo/E-D-S security (libs) long-term plans

2011-09-12 Thread Christian Hilberg
Hi all. During the initial implementation of the evolution-kolab plugin, we were concerned with using hardware crypto devices (TPM, trusted platform module) as a means to store and retrieve client certificates for securing TLS connections to a Kolab server (by configuring the Kolab server to

Re: [Evolution-hackers] Further thoughts on ESources

2011-09-12 Thread Christian Hilberg
Hi all, Am Donnerstag 25 August 2011, um 18:46:15 schrieb Matthew Barnes: [...] Proposal: I think the key file management needs to be centralized in a new D-Bus service, tentatively called e-source-registry. The ESourceRegistry singleton class in client programs would then be a proxy for

Re: [Evolution-hackers] CVE-2011-3201 Issue in evolution

2011-09-12 Thread Matthew Barnes
On Mon, 2011-09-12 at 00:40 -0600, Vibha Yadav wrote: I have following list of files to be blacklisted: I know we discussed this already, but just to clarify for others: the blacklist only applies to attach parameters in mailto: URLs. You can still attach any file manually in the composer

Re: [Evolution-hackers] Moving EExtension to libedataserver

2011-09-12 Thread Matthew Barnes
On Mon, 2011-09-12 at 10:49 +0200, Christian Hilberg wrote: Am Montag 12 September 2011, um 09:57:26 schrieb Milan Crha: I wouldn't do that, as it doubles work for translators, because it's their time now. Does it make that large difference to wait for next two weeks? You can always do

Re: [Evolution-hackers] Moving EExtension to libedataserver

2011-09-12 Thread Matthew Barnes
On Mon, 2011-09-12 at 11:11 +0200, Christian Hilberg wrote: Is the list of EExtensible-tagged classes listed at the end of the wiki page up-to-date (and exhaustive) for the current dev version of Evo/E-D-S? Until 3.3.1 development begins, the extensible list only applies to Evolution. I'll

Re: [Evolution-hackers] Further thoughts on ESources

2011-09-12 Thread Matthew Barnes
On Mon, 2011-09-12 at 13:30 +0200, Christian Hilberg wrote: Am Donnerstag 25 August 2011, um 18:46:15 schrieb Matthew Barnes: evolution and other e-d-s clients e-addressbook-factory | e-calendar-factory \ | /

Re: [Evolution-hackers] Evo/E-D-S security (libs) long-term plans

2011-09-12 Thread Milan Crha
On Mon, 2011-09-12 at 13:16 +0200, Christian Hilberg wrote: We succeeded doing so for the following protocols: HTTPS, IMAPS, SMTPS. These are protocols handled by Camel and the underlying NSS library. In order to access the crypto token, we needed to supply a token PIN, which we were not

Re: [Evolution-hackers] Moving EExtension to libedataserver

2011-09-12 Thread Milan Crha
On Mon, 2011-09-12 at 09:27 -0400, Matthew Barnes wrote: On Mon, 2011-09-12 at 10:49 +0200, Christian Hilberg wrote: Am Montag 12 September 2011, um 09:57:26 schrieb Milan Crha: I wouldn't do that, as it doubles work for translators, because it's their time now. Does it make that large