Allow message More/View Source to non-moderators, at least in groups where the message archive can be downloaded by normal users #suggestion


Mike Beaton
 

I would like to suggest that it would make sense to allow the View Source entry in the More menu for messages, not just for moderators, but also for list members in the case where the list allows downloading the archive anyway.

More info:

I am subscribed to a list (the edk2-devel list, in fact) and wanted to check an earlier patch submitted to the list. In order to correctly check the patch, I need the original message source (which is what should be fed to the `git am` command).

If I had been subscribed to the list at the time the patch came through, I would have been able to get the message source in my own email client.

Even if I subscribed after the patch came through, then on a list such as the above which allows users to download the list archive, I can still get at the message source after the fact - but only by downloading the entire archive and splitting it. But this is very slow and inefficient (and also does not include new messages as promptly as the normal message view).

Therefore I would suggest that (since the same information is available a little inconveniently anyway) it would make sense to allow the View Source entry in the More menu for each message, not just for moderators, but also for list members in the case where the list allows downloading the archive anyway.

This feature would additionally be useful for people who are subscribed to lists in which email patches are sent, but who prefer not to have email deliverability each list message - i.e. to use the web interface instead - such users could use they above feature to download any patches which they do wish to test/use/apply.

Many thanks,

Mike Beaton


Bruce Bowman
 

On Tue, Jul 26, 2022 at 11:06 AM, <mjsbeaton@...> wrote:
I would like to suggest that it would make sense to allow the View Source entry in the More menu for messages, not just for moderators, but also for list members in the case where the list allows downloading the archive anyway.
I've been thinking about this over the past 24 hours and am unable to explain to my own satisfaction why this feature should be restricted to Moderators. So I'd like to offer a friendly amendment, and suggest that anyone subscribed to the group should be able to View Source, regardless of group settings.

That's pending a good reason "why not," of course. 

Regards,
Bruce


Bruce Bowman
 

On Wed, Jul 27, 2022 at 09:48 AM, Bruce Bowman wrote:
That's pending a good reason "why not," of course. 
Well, I finally came up with a reason...it would provide a way to circumvent an important group privacy setting ("Email Address Visibility in Archive").

On that basis I am withdrawing my friendly amendment.  :-)

Mea culpa,
Bruce


Andy I
 

I also was thinking about this, but for a different reason.  I wondered, shouldn't this (distributing software patches if that's what it means) be done a different way?  This seems like a really good thing to be in a file, not in a message.  In my opinion, messages - well, the body of the messages - are for discussing them, whereas code itself belongs in a file.  If you have to disassemble a message's View Source to recover the patch's code, that's just wrong.  Now some groups don't have a "Files" section, but I think all groups support attached files, if the Moderators have not disabled it.  It seems that a group about code and patches ought to allow attached files if they do not have a "Files" section..

But I also agree with Bruce that I think access to a message's View Source should be allowed.  (But maybe as a specific group setting?  Or maybe not.)

Andy


Mike Beaton
 

Dear Andy,

With respect, I don't think this is a valid point.

Many, many open source projects do still work this way, and to my understanding it was 'the' way of working with git, before GitHub introduced it's own (much easier, IMO) pull request system.

git is (still) full of features specifically for creating, and then applying, patches in this format, even though it's only if you work on such a project, that you'd need to use them. (Iirc, the linux kernel itself still uses this emailing system for patches!)

In response to Bruce's point - your other point - yes, I believe this option does make (some) information available which would not otherwise be available, which is why I suggested tying it to the 'download archive' option, which I believe makes exactly the same information available.

Mike


Mike Beaton
 

I should perhaps add that this system makes more sense if the messages are delivered to each list member eventually onto a Unix system, in which case they are already in a Un*x .mbox format, from where they can be accessed by the email patching commands in git directly, that is the format it reads. (Which ofc is probably the setup for at least the majority, though I think certainly not all, people still using this approach.)

Also - in case it's not obvious - the patches in question are text diffs, but what `git am` expects to read (it just does - we can't change it!), is the raw email, in which this diff is encoded (along the other contributor info, description, and separators). (The encoding could be base64 or quoted printable, or whatever.)

I do agree with you, the system smells! But it exists, and is still widely used.

Mike


Andy I
 

Mike, I'm wondering, what is it that requires access to the message source, to receive the patches?  Are they being altered by having been sent and received via email?  (Or in this case saved online?)

Or did I totally misunderstand?

Andy


 


On 2022-07-27 10:34, Bruce Bowman via groups.io wrote:
it would provide a way to circumvent an important group privacy setting ("Email Address Visibility in Archive"

That could be added in the exclusion list as the last check, i.e.

ViewMsgSource.Enabled = DownloadArchives.Enabled
ViewMsgSource.Enabled = not(MaskAddresses.Enabled)

Cheers,
Christos


Mike Beaton
 

Andy, Not sure if this is drifting off topic, but I guess the way I'd see it is that it is the displayed email which is 'altered', where the message source is (closer to...!) what was sent (i.e. what was created by the email patch creator in the originator's git).


Mike Beaton
 

Christos,

Thanks. Would it need to be something more like:

ViewMsgSource.Enabled = DownloadArchives.Enabled or not(MaskAddresses.Enabled)

Because - I think - even if addresses are masked, you can get at them with download archives anyway; if I've git that right. So yes, View Source circumvents masking addresses, but I've always and only been suggesting enabling it when you can circumvent that (by downloading the archives) anyway.


Andy I
 

Mike,

One of the reasons why I'm asking that, is because I am not sure it always solves the problem.

I have been in the habit of looking at the email source when I wanted to see what a message looked like before having its appearance altered by email.  However, these days, I find that it often does not help anymore.  The original text may be encoded so that I can't read it by looking at the source, and must look at the message itself in the usual way.  By using "Show Original" (equivalent of Groups.io's "View Source"), sometimes there is nothing recognizable in it, though sometimes there is.  I guess it's because the message is securely encrypted, automagically.  With that happening more often nowadays, you might lose the ability to get anything useful from "View Source".

Also, with the many ways of sending and receiving emails, there might be another way to (try to) assure that the message text goes through with minimum alteration (e.g., line-wrapping, if that's what the problem is).

Andy


Mike Beaton
 

I still don't think this is right, Andy.

Firstly, it's not about me reading it, it's about `git am` and that is simply what `git am` reads: the message source, not the message text after decoding for display.

Secondly, although certainly base64 can be used to encode messages, which can't be read by eye, it's relatively easy to copy and paste that into an online decoder (for me) and even easier for a program linked to a base64 decoder (for `git am`)!

You keep concentrating on whether I really want to read these raw message, and whether I can, and whether there'd be a better way to send patches - but the fact is, this _is_ how git sends email patches, and that workflow (for all its flaws) simply _is_ used in many major git projects.

So it's about whether `git am` really wants to read the raw message (it does), and whether it can (it can), and whether this workflow is widely enough used that this makes it a valid use case for making View Source available (at least whenever it would not expose additional information to what can be accessed anyway) (what I'm trying to argue).

Mike


Mike Beaton
 

PS I don't really want to 'view' the source, by the way, I just want access to it, so that I can download it.


Andy I
 

I think only group members can download the message archives.  Therefore, only group members can see the unmasked email addresses that they contain.

Many groups are set so that messages can be read by anyone, whether a member or not.  There is even a "More" menu option.  One would want to restrict the "View Source" option to group members only.

Andy


Mike Beaton
 

Sure, I agree with that. Possibly it goes together with who can download the archives, I'm not sure? Thanks.

Mike


On Thu, 28 Jul 2022 at 15:28, Andy I <AI.egrps+io@...> wrote:
I think only group members can download the message archives.  Therefore, only group members can see the unmasked email addresses that they contain.

Many groups are set so that messages can be read by anyone, whether a member or not.  There is even a "More" menu option.  One would want to restrict the "View Source" option to group members only.

Andy


Andy I
 

Mike, the encryption I'm talking about is not base64.  Anyway, base64 is an encoding, it's not encryption.

All I'm saying is that there might be more hurdles ahead, for which "View Source" might not continue to help.  Not saying there shouldn't be a "View Source" option.

Andy


Mike Beaton
 

Sorry, I typed too fast, I meant encoding, as you originally said.


On Thu, 28 Jul 2022, 15:38 Andy I, <AI.egrps+io@...> wrote:
Mike, the encryption I'm talking about is not base64.  Anyway, base64 is an encoding, it's not encryption.

All I'm saying is that there might be more hurdles ahead, for which "View Source" might not continue to help.  Not saying there shouldn't be a "View Source" option.

Andy


Andy I
 

On Thu, Jul 28, 2022 at 01:43 PM, Mike Beaton wrote:
Sorry, I typed too fast, I meant encoding, as you originally said.

Actually, I originally said encrypted.

I don't know how/where the encryption actually falls in the process of getting from the bits that pass through the internet, to seeing a message on my screen; but if the "View Source" or "Show Original" displays the message still encrypted (which it seems to, to my untrained eye), then 'git am' or anything else that uses it, would need to handle that de-encryption.  Or to be given an un-encrypted copy rather than the Source.  Usually encryption exists to make it impossible (well, very difficult) for a random interceptor to know the contents of the message.  All I'm saying is that, even though a process worked for many decades when we had non-encrypted email, it might not keep working.  But it's off-topic.

I did understand you did not need to actually *view* the source with your own eyes.

Andy


 

Hi All,

I understand the need to change this setting and agree with it. My proposal would be to allow any member of a group to view the source of a message as long as their message delivery is set to not be no email. Alternatively, if that's too complicated, just allow any member to view the source of a message. The thinking being that a member already receives the emails, which contain un-redacted email addresses, so allowing them access to the source via the website does not expose any additional information.

Thoughts?

Thanks,
Mark


txercoupemuseum.org
 

I favor the latter.

WRB

— 

On Jul 28, 2022, at 2:43 PM, Mark Fletcher <markf@corp.groups.io> wrote:

Hi All,

I understand the need to change this setting and agree with it. My proposal would be to allow any member of a group to view the source of a message as long as their message delivery is set to not be no email. Alternatively, if that's too complicated, just allow any member to view the source of a message. The thinking being that a member already receives the emails, which contain un-redacted email addresses, so allowing them access to the source via the website does not expose any additional information.

Thoughts?

Thanks,
Mark




Malcolm Austen
 

On Thu, 28 Jul 2022 20:43:22 +0100, Mark Fletcher <markf@corp.groups.io> wrote:

I understand the need to change this setting and agree with it. My proposal would be to allow any member of a group to view the source of a message as long as their message delivery is set to not be no email.

Mark,

Would that not imply/require knowledge of whether they were set to nomail at the time the message was distributed? If the aim is to avoid showing the source of a message someone did not receive, it certainly should not show source for anything that predates their membership.

I really don't see any reason to restrict it at all - except subject to membership of the group concerned!

Malcolm.

--
Malcolm Austen - email: malcolm.austen@...


 


On 2022-07-28 16:11, Malcolm Austen via groups.io wrote:
I really don't see any reason to restrict it at all - except subject to membership of the group concerned!

I also agree, one could just change to SpecialNotices and bypass the NoEmail restriction anyway.



On 2022-07-28 02:53, mjsbeaton via groups.io wrote:
Because - I think - even if addresses are masked, you can get at them with download archives anyway; if I've git that right.

LOL, Freugitian slip?  Unless if that was a pun, you may want to take a vacation from git for a few days!

Cheers,
Christos


Bruce Bowman
 

On Thu, Jul 28, 2022 at 03:43 PM, Mark Fletcher wrote:
Alternatively, if that's too complicated, just allow any member to view the source of a message. The thinking being that a member already receives the emails, which contain un-redacted email addresses, so allowing them access to the source via the website does not expose any additional information.
Well, sounds like my "friendly amendment" has arisen from the dead.  :-)

I'm okay with it. Mainly for me, it could help those of us in GMF to troubleshoot people's problems ("click More->View Source and tell me what it says").

Bruce


Duane
 

On Wed, Jul 27, 2022 at 08:48 AM, Bruce Bowman wrote:
anyone subscribed to the group should be able to View Source
That's the way it was originally on the site.  There was a change made about 6 years ago to "CHANGE: Only show View Source link to people who can edit the message (moderators and message author)."  To my knowledge, most members are happy with that, but there are the unusual cases, such as Mike's, where it would be welcome.  I'm not sure what the reaction would be if this were 'undone' after all this time.

Duane


Duane
 

On Thu, Jul 28, 2022 at 04:19 PM, Duane wrote:
I'm not sure what the reaction would be if this were 'undone' after all this time.
I got hasty again.  After Send, I realized Mike was only referring to those that could already download archives being able to View Source, so not a problem on that type group.  I don't allow downloading the archive on my groups, so other members wouldn't be able to do it.  I now see it as fine tuning the setting, not changing/removing it.

Sorry,
Duane


 

Hello,

I've made the change. Any member of a group should now be able to use the View Source function.

Thanks,
Mark


Mike Beaton
 

Thank you, Mark! For my purposes, as Duane points out, I'm happy if the setting only appears for normal users, in groups where download archive is also allowed. But equally, for my own purposes at least, I'm more than happy if it appears for normal users in all groups, regardless of that other setting. Thanks again.


Mike Beaton
 

Ah. Apologies, but I'm not sure the fix has worked?

The link now appears but (perhaps because I'm a non-moderator?) when I click on it, it just takes me to the home page of the group (exactly the same as what I get if I modify .../message/... to .../original/... in a message URL).

I suspect maybe the link is enabled for me, but the feature is still not.


Chris Jones
 

On Fri, Jul 29, 2022 at 06:25 PM, Mike Beaton wrote:
I suspect maybe the link is enabled for me, but the feature is still not.
Moi aussi; similar results when I try it. Still works OK on a group where I am a moderator...

Chris 


 

Apologies. There was one final security check that I hadn't removed. It should work now.

Thanks,
Mark


Mike Beaton
 

It's working for me now. Thank you.


Chris Jones
 

On Fri, Jul 29, 2022 at 06:52 PM, Mike Beaton wrote:
It's working for me now.
As I said previously... moi aussi! :) 

Chris