Mark Smith (mark) wrote in dw_dev, 2009-03-14 11:39 pm (UTC)

because it's good to close up the security hole.

It is not a security hole because this feature is entirely by design. Just because it doesn't do what someone expects doesn't mean it is a violation of security or otherwise "bad." Call a fish a fish, don't call it a shark.

a) won't work because users don't read.

d) how will this actually change anything? It's easy to spoof the "From" of an email unless you put some token in the email. And then you're right back where you started: someone forwards it, the receiver spoofs it, and we didn't solve anything.

I prefer B to C, but either would be fine. Except!

Why even bother? This "issue" has been in existence on LJ for years and years and years and ... well, years. And I'm sure it's generated a complaint from time to time, but really? You don't forward emails to your enemies. When you forward a comment mail to a friend, they're not going to do Evil Things In Your Name! (And the only evil they can do is make a comment.)

If you DO forward it to someone who you don't want to have it, then - oh well! You can deal with the fallout from having them say something bad in your name. And then you tell the person they replied to that you're sorry and the problem is solved without spending a ton of development time reimplementing this. :)
