debian/notmuch
1
0
Fork 0
mirror of https://git.notmuchmail.org/git/notmuch synced 2025-01-03 15:21:41 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
notmuch/lib
History
Carl Worth 2c262042ac lib: Remove the synchronization of 'T' flag with "deleted" tag. 
Tags in a notmuch database affect all messages with the identical
message-ID. But maildir tags affect individual files. And since
multiple files can contain the identical message-ID, there is not a
one-to-one correspondence between messages affected by tags and flags.

This is particularly dangerous with the 'T' (== "trashed") maildir
flag and the corresponding "deleted" tag in the notmuch
database. Since these flags/tags are often used to trigger
irreversible deletion operations, the lack of one-to-one
correspondence can be potentially dangerous.

For example, consider the following sequence:

  1. A third-party application is used to identify duplicate messages
     in the mail store, and mark all-but-one of each duplicate with
     the 'T' flag for subsequent deletion.

  2. A "notmuch new" operation reads that 'T' flag, adding the
     "deleted" flag to the corresponding messages within the notmuch
     database.

  3. A subsequent notmuch operation, (such as a "notmuch dump; notmuch
     restore" cycle) synchronized the "deleted" tag back to the mail
     store, applying the 'T' flag to all(!) filenames with duplicate
     message IDs.

  4. A third-party application reads the 'T' flags and irreversibly
     deletes all mail messages which had any duplicates(!).

In order to avoid this scenario, we simply refuse to synchronize the
'T' flag with the "deleted" tag. Instead, applications can set 'T' and
act on it to delete files, or can set "deleted" and act on it to
delete files. But in either case the semantics are clear and there is
never dangerous propagation through the one-to-many mapping of notmuch
message objects to files.
2010-11-11 02:35:03 -08:00
..
database-private.h Make maildir synchronization configurable 2010-11-10 13:09:32 -08:00
database.cc Make maildir synchronization configurable 2010-11-10 13:09:32 -08:00
directory.cc lib: Eliminate some redundant includes of xapian.h 2010-11-01 23:24:40 -07:00
index.cc lib: Add some missing static qualifiers. 2010-11-01 21:58:43 -07:00
libsha1.c libify: Move library sources down into lib directory. 2009-11-09 16:24:03 -08:00
libsha1.h lib: Add GCC visibility(hidden) pragmas to private header files. 2010-11-01 22:35:48 -07:00
Makefile Makefiles: Use .DEFAULT to support arbitrary targets from sub directories. 2010-01-06 10:32:06 -08:00
Makefile.local Update library version to 1.2.0 2010-11-01 16:13:44 -07:00
message-file.c Make Received: header special in notmuch_message_file_get_header 2010-04-26 14:44:06 -07:00
message.cc lib: Remove the synchronization of 'T' flag with "deleted" tag. 2010-11-11 02:35:03 -08:00
messages.c lib: Rename iterator functions to prepare for reverse iteration. 2010-03-09 09:22:29 -08:00
notmuch-private.h Maildir synchronization 2010-11-10 13:09:31 -08:00
notmuch.h Make maildir synchronization configurable 2010-11-10 13:09:32 -08:00
query.cc lib: Eliminate some redundant includes of xapian.h 2010-11-01 23:24:40 -07:00
sha1.c Typsos 2009-11-18 03:21:36 -08:00
tags.c lib: Rename iterator functions to prepare for reverse iteration. 2010-03-09 09:22:29 -08:00
thread.cc lib: Eliminate some redundant includes of xapian.h 2010-11-01 23:24:40 -07:00
xutil.c xutil: Implement xstrndup without relying on strndup. 2009-12-01 12:51:39 -08:00
xutil.h lib: Add GCC visibility(hidden) pragmas to private header files. 2010-11-01 22:35:48 -07:00