Alejandro Colomar

I think this deserves not only making To and Cc protected headers, but also change the default to protect headers. Not protecting headers is an insecure default, which is a...

For messages without Cc, there should be an empty `Cc:` header field in the protected part, to avoid Mallory adding one outside of the protected part.

Fun fact: Old mutt(1) has a bug by which it injects To (and a few other header fields) into the protected header. However, it's just a bug; probably they forgot...

I think I'll end up protecting every AddressList in the Envelope structure.

> ## bcc leakage! > > This isn't a bug in your changes, just a general feature of (Neo)Mutt. Hmmm! > Experimenting with both your PRs (#4221, #4227)... > >...

This is now protected since 913a991a5a8a000c0acc761dd8c9b76eefabfbea: ``` commit 913a991a5a8a000c0acc761dd8c9b76eefabfbea Author: Alejandro Colomar (@alejandro-colomar) Date: Mon Apr 1 01:07:30 2024 +0200 ncrypt/crypt.c: Protect address lists in header fields ... except Bcc,...

As mentioned in , we could add some warnings if the headers have been tampered (they don't match the protected ones). I propose: `[-- The header field '%s' has been...

https://github.com/namecoin/namecoin.org/blob/master/dot-bit/browsing-instructions/index.md#nmcontrol This still recommends NMControl. Should be updated?

> I doubt any major distro will remove Python2 anytime soon: https://wiki.ubuntu.com/Python/3 > 2020! The time has come. Python2 is officially not supported: https://github.com/python/devguide/pull/344 Debian Bullseye (11) is going to...

If we're going to improve sscanf(3) calls, I'd go a step further and remove them. `sscanf(3)` says: ``` BUGS Numeric conversion specifiers Use of the numeric conversion specifiers produces Undefined...