Downloading private mails is disallowed, but why?

[sebb <se...@gmail.com>]

Further to issue #108, I don't understand why PonyMail is designed so
that all private e-mails are always excluded from downloads.

Obviously if the user does not have access to a private email, it
should not be included in a download and should not appear in any
other output.

However if the user can see the e-mail in the browser, they can also
see the raw source.
So the user can download the mail content if they wish.

To my mind, preventing the download of private mails is a completely
unnecessary restriction.

#108: https://github.com/apache/incubator-ponymail/issues/108

Re: Downloading private mails is disallowed, but why?

[sebb <se...@gmail.com>]

Does no-one have any views on this?

There's also a feature request for it:
https://github.com/apache/incubator-ponymail/issues/169

As far as I can tell it would be pretty easy to check if the user was
authorised to access the list.

I would be happy to provide a patch, but I don't want to spend any
time on it if it's not going to be implemented.


On 6 September 2016 at 10:20, sebb <se...@gmail.com> wrote:
> Further to issue #108, I don't understand why PonyMail is designed so
> that all private e-mails are always excluded from downloads.
>
> Obviously if the user does not have access to a private email, it
> should not be included in a download and should not appear in any
> other output.
>
> However if the user can see the e-mail in the browser, they can also
> see the raw source.
> So the user can download the mail content if they wish.
>
> To my mind, preventing the download of private mails is a completely
> unnecessary restriction.
>
> #108: https://github.com/apache/incubator-ponymail/issues/108