| Field | Value |
|---|---|
| Summary | Webmail for Gentoo developers |
| Product | Gentoo Infrastructure |
| Component | Other |
| Status | RESOLVED OBSOLETE |
| Severity | normal |
| Priority | High |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| Reporter | Donnie Berkholz (RETIRED) <dberkholz> |
| Assignee | Gentoo Infrastructure <infra-bugs> |
| CC | betelgeuse, compnerd, deathwing00, joem, johu, lisa, serkan, spatz |
| Runtime testing required | --- |

Description
Donnie Berkholz (RETIRED)
2005-08-03 17:43:59 UTC
"Me too!"

Might want more input from the infra folks in general about the idea.

are we talking about webmail for access to mail on toucan? or access to arbitrary imap servers?

i'd want access to mail on toucan through something like squirrelmail

it wouldn't have to be on toucan.. I've already got this on my todo list (we used to have it via phpgroupware, Donnie was the only one testing it, and when I yanked it from him I promised one day we would have something else for him.. hence this bug to remind me) -C

my question was more about whether the expectation is that all mail would be retrievable via this client (including mail housed on non g.o servers) or if we're just talking about mail that is stored on toucan.

I don't think outside mail is something we want to try and do. could be a nightmare just from the support perspective of it. -C

There are quite a few new secksi webmail programs out there now. Anyone opposed to using one with AJAX features? -C

Define AJAX features and the deps they would incur.

No deps.. it's a mixture of client side javascript and (usually) XMLHttpRequest to further communicate with the server. The use of this call varies between programming language, but most all browsers support it nowadays (including IE, >= 4) The support for AJAX type stuff has been around forever, but nobody caught on to using it till Google started with the mutating search bar, gmail, and google maps. A good rundown is on wikipedia if you want more info: http://en.wikipedia.org/wiki/Ajax_(programming)

Two apps that have gotten my attention are Zimbra and Roundcube. The functionality these apps are cranking out is fairly new, that's why I would hate to go with something more static just to want to change later. Besides, squirrelmail seems to drag..

Ah, another option is imp. K-State uses that for their webmail solution and it seems to work pretty well. I haven't done much with it myself.
I'd just be leery about using something so new with any kind of upgrade headaches that could happen. I don't think our devs need to have a google map in our webmail ;-) but the idea seems cool. Also, you're forcing things on the client side which I really don't like. Just my $0.02

Last time I tried imp it was broken to pieces.. As for forcing things onto the client, that is a false statement. If you want a plain text interface to your email, there is pine or mutt on toucan. but anyway, I'll leave it up to the requestors to chip in about that. :)

(In reply to comment #12)
> As for forcing things onto the client, that is a false statement. If you want
> a plain text interface to your email, there is pine or mutt on toucan.
>
> but anyway, I'll leave it up to the requestors to chip in about that. :)

I agree with Corey. What I need is a way to access my Gentoo email from computers lacking my SSH key, and I really have no need for a text-only interface.

Yea, let's get a pretty webmail interface up in this piece

Is there any problem with putting something like squirrel mail or something up until the pretty/oooh!!! cool! one gets released and is stable? I think for now getting something up is better than waiting. We'll just need to let folks know that we'll probably switch to something better down the road.

SM is fine by me. Pity it's a tad on the slow side though. :(

imho we should encourage users to keep emails off toucan, imap/pop are manageable and acceptable, installing webmail would be pushing that logic though. Not to mention that it would be an additional security concern and if it's a php app...well that would be even worse (security and admin wise). Even if we offer this as a low priority service my fear is that 50% of devs will unfortunately start relying on it. So I'm against this, 'cause I don't like webmail, 'cause it's an additional security concern and 'cause we have other priorities atm re mail that needs to be addressed.
If we do this we better find something that can use LDAP and protect the page via certs or htaccess (with ldap lookup because otherwise managing htaccess would be a pain) Just my 2 eurocents. [this doesn't mean I wouldn't be happy to help if we actually decide to implement it, quite the contrary if time allows]

Changing the title to something a bit more sane.

This service if implemented should be on https:// only. It would be nice if we used .htaccess to explicitly limit the domains that could connect to it. Its security track record is not exactly that good. (200405-16 being the real bad one)

200406-08 [U] Squirrelmail: Another XSS vulnerability
200506-19 [U] SquirrelMail: Several XSS vulnerabilities
200501-39 [U] SquirrelMail: Multiple vulnerabilities
200405-16 [U] Multiple XSS Vulnerabilities in SquirrelMail
200411-25 [U] SquirrelMail: Encoded text XSS vulnerability

(In reply to comment #17)
> imho we should encourage users to keep emails off toucan, imap/pop are
> manageable and acceptable, installing webmail would be pushing that logic
> though. Not to mention that it would be an additional security concern and if
> it's a php app...well that would be even worse (security and admin wise).

I don't always have the ability to install email clients on work computers I'd like to check email from.

> Even if we offer this as a low priority service my fear is that 50% of devs
> will
> unfortunately start relying on it.

I doubt that -- Gentoo mail is too high-volume to only use any webmail app I've used.

> So I'm against this, 'cause I don't like webmail, 'cause it's an additional
> security concern and 'cause we have other priorities atm re mail that needs to
> be addressed.

I think we can consider the first point moot in this discussion. =)

I was commenting about webmail with ramereth and he told me about this bug. As far as I've read, apart from the security risks, one of the problems infra sees is that developers would rely on it.
Personally, I consider that webmail would be used only if one is not at his home computer, that is for kinda casual checks. Another issue that I think that lcars implied with developers relying on it is maybe that developers might somehow increase the use of the gentoo mail if the webmail service is implemented. I'm not sure if this is a real issue and if lcars really implied it (correct me if I am wrong please); my point is, is it a real concern if the developers consume let's say 50% more of HD space?

Reassigning to infra since Corey has retired.

Hello! I want to cry out at this once again. Do we have any updates?

Let's resurrect this topic once more, just for fun. Is there still a large demand for this?

I think that there is some demand for this, I've had situations where I couldn't set up an email client and could have used Webmail. I've moved all my mail to GMail now, so it's not a problem for me, but I definitely see some value in this. FWIW, I've used Horde, SquirrelMail and RoundCube, and only Squirrel was usable amongst these. There seem to be more options these days, though (http://www.noupe.com/ajax/10-ajax-webmail-clients.html). Shyam's got some experience with Zimbra, iirc.

(In reply to comment #25)
> Is there still a large demand for this?

I think we should close this as WONTFIX/LATER (sorry)

(In reply to comment #27)
>
> I think we should close this as WONTFIX/LATER (sorry)
>

Using LATER is not allowed any more as you should remember from voting in the last council meeting.

Nice way to keep a bug open for almost five years... please, remind us of the implications of having a webmail client.

Mainly concerned about the poor security history of most of the webmail apps. Presently if I had to put one up, it would be behind SSL, and you'd be logging in twice, once for the HTTP auth layer and once for the actual IMAP layer.

1/36 respondents (3%) voted for webmail in the latest infra survey I sent out.
I believe the majority of developers are happy to grab mail via imap / pop or forward to other webmail products. I recommend we focus our efforts on other services.

*** Bug 468424 has been marked as a duplicate of this bug. ***
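
The layering proposed in the comments above (HTTPS only, with an LDAP-backed HTTP auth prompt in front of the webmail application's own IMAP login), written as an Apache 2.4 virtual host. This is an added example, not part of the bug thread and not Gentoo Infrastructure's configuration; the hostnames, file paths, LDAP base DN and address range are placeholders, and it assumes mod_ssl, mod_headers and mod_authnz_ldap are loaded.

```apache
# Added example. Every hostname, path, DN and address below is a placeholder.

<VirtualHost *:80>
    ServerName webmail.example.org
    # No clear-text access: port 80 only redirects to the TLS vhost.
    Redirect permanent / https://webmail.example.org/
</VirtualHost>

<VirtualHost *:443>
    ServerName webmail.example.org
    DocumentRoot /var/www/webmail

    SSLEngine on
    SSLCertificateFile    /etc/ssl/apache2/webmail.example.org.crt
    SSLCertificateKeyFile /etc/ssl/apache2/webmail.example.org.key

    # Alternative first layer mentioned in the thread ("certs"):
    # require a client certificate issued by a developer CA.
    # SSLCACertificateFile /etc/ssl/apache2/dev-ca.crt
    # SSLVerifyClient require

    # Tell browsers to refuse plain HTTP for this host on later visits.
    Header always set Strict-Transport-Security "max-age=31536000"

    <Directory "/var/www/webmail">
        # Keep policy here in the vhost so a writable .htaccess inside
        # the webmail tree cannot weaken it.
        AllowOverride None

        # First login: HTTP Basic auth checked against LDAP, so the
        # webmail PHP code is unreachable without a valid account.
        AuthType Basic
        AuthName "Developer webmail"
        AuthBasicProvider ldap
        AuthLDAPURL "ldaps://ldap.example.org/ou=devs,dc=example,dc=org?uid?sub?(objectClass=inetOrgPerson)"

        <RequireAll>
            Require valid-user
            # Optional source restriction (documentation range shown):
            # Require ip 192.0.2.0/24
        </RequireAll>
    </Directory>
</VirtualHost>
```

The second login is the webmail application's own IMAP authentication, which this front layer leaves untouched; the value of the outer prompt is that pre-authentication bugs in the application, such as the XSS advisories listed in the thread, are only reachable by users who already hold a valid account.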