What happened to hiring an architect?

Disaster Master disasterlistmanager at gmail.com
Tue Dec 20 14:41:11 UTC 2016


Jim, your replies break Thunderbird's 'Reply List' capability for gmail
users.

Please do not reply to me directly, just reply to the list.

Thanks... additional comments inline.

On 12/19/2016 4:33 PM, Jim <squibblyflabbetydoo at gmail.com> wrote:
> On Mon, Dec 19, 2016 at 1:50 PM, Disaster Master
> <disasterlistmanager at gmail.com <mailto:disasterlistmanager at gmail.com>>
> wrote:
>
>     Only one person (Jim) has responded with any specifics on these
>     risks, but alas didn't respond to my follow-up about how or
>     whether or not it would be possible to mitigate said risks -
>     regardless, I didn't grok his response, so have no way of knowing
>     if the risks are real (for TB) or not.
>
>
> The only way to mitigate the risks is to reduce the surface area for
> attack (by limiting what features we expose to messages). However, one
> of TB's selling points is that we have a very good HTML renderer; in
> an era where our competition is webmail (even Mozilla itself uses
> Google Apps for employee email now!), we need to support as much of
> HTML as reasonably possible, or people's emails will look like crap
> and they'll just go back to Gmail.

I agree. But we are only talking about an extreme situation, where, due
to limited resources etc, we had to choose between forking Gecko or
losing Thunderbird forever (inability to build a working version).

>     Would it not be possible to lock down TB to a specific subset of
>     Gecko functions in order to let it render basic HTML emails, but
>     minimize or even eliminate the security risks that would otherwise
>     plague a full blown web browser?
>
>
> How would we know that those features are the ones that are secure?
> The only thing we can really drop is JS, since people sending mail
> should be able to use anything in HTML/CSS to make their emails look
> the way they want (especially important for newsletters). JS
> vulnerabilities are the most common, so we've made our lives a lot
> easier by eliminating that,

So... JS has already been eliminated from TB? If so, good.

> but if people wanted to infect users via Thunderbird, I'm 99.9% sure
> they could find a way to do it.

The same can be said for any email platform, it happens all the time.
Outlook, especially when not locked down, is a malware fest just waiting
to happen.

> In the long run, I think Thunderbird's current position is untenable,
> and even if we could fork Gecko at some point in the future, I'm not
> sure I'd want to. At the moment, I'm leaning much more towards asuth's
> "glodastrophe" client as a potential spiritual successor to
> Thunderbird. Of course, I'm biased, since I helped write some of its
> backend. :)

The question of course is resources. I honestly don't see this as viable
as slowly rewriting the core compnents over the next few years while we
can still stay on Gecko without having to decide on forking or not.

But as long as it still resembles Thunderbird's UI (with some of my
personal favorite enhancements of course ;) and retains all of its
functionality (well, all I personally care about is IMAP support), I
have no problem with that, but I use TB for a reason - because I love
the UI (for the most part), primarily because I can configure it to look
exactly how I want it to look.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/tb-planning/attachments/20161220/ebe1dbad/attachment.html>


More information about the tb-planning mailing list