[MlMt] Notes on latest test release and Gmail OAuth application verification
Patrik Fältström
paf at frobbit.se
Fri May 31 14:11:56 EDT 2019
Excellent news! Thanks!
Patrik
On 31 May 2019, at 12:16, Benny Kjær Nielsen wrote:
> Hi MailMate users,
>
> a couple of updates on the subjects I wrote about a month ago.
>
> First some very good news: I've finally passed the verification process for the Google OAuth API. It has been a bit frustrating and involved weird steps including making a YouTube video essentially showing that MailMate is an email client. In the end I was again asked to go through the security audit, but after yet another appeal it was revealed that this was a mistake. This means that MailMate will continue to support Gmail -- also after January 2019. Well, at least until the next time Google decides to threaten to pull the OAuth plug.
>
> My work on WKWebView (the new message view) continues. It's still not ready for testing (because of a lack of essential features like image blocking and signing/encryption results), but I've added important major features like the “Find” interface to do text searches. A new feature is that this now also works for the headers. Scrolling behavior has been tricky to implement, but this is almost complete. Next up are changes needed for how HTML is created for the message view. The new message view allows multiple HTML segments to be created and displayed in separate HTML views. This is both more flexible and more robust with respect to security when dealing with signed/encrypted content and/or when displaying complex and/or multiple messages.
>
> (And the bad news: When I work on major features I tend to fall behind on answering emails and updating support tickets.)
>
> --
> Benny
> https://freron.com/become_a_mailmate_patron/
>
> On 30 Apr 2019, at 16:56, Benny Kjær Nielsen wrote:
>
>> Hi MailMate users,
>>
>> I know I'm behind on answering emails (also on the mailing list), but it doesn't mean I'm not working :)
>>
>> ## WKWebView
>>
>> Right now I'd just like to note that I'm busy working on replacing the main message view in MailMate. It currently uses the so-called WebView class provided by Apple, but this was deprecated a long time ago (by Apple) and it should be replaced by a so-called WKWebView. Both classes are used to display HTML (which MailMate also generates to display plain text messages) and if that is all that is needed then it's a simple replacement. But MailMate also has image blocking, context sensitive menus, text search, etc. and all of this has to work in a completely different way. In some cases, it's not even clear that I can provide the same features as before. We'll see about that. WKWebView is 10.10+, but right now it looks like image blocking can only work on 10.13+. I'm not quite sure what to do about that yet...
>>
>> The latest test release includes the new message view, but it's disabled for now because too many things don't work yet. I'm mainly writing about this since some changes might also affect the old message view in the latest test release.
>>
>> The good news is that when the replacement is finished then I should, at least in theory, be able to fix various old issues.
>>
>> ## Google OAuth API Application Verification
>>
>> MailMate uses the so-called OAuth2 authentication method for Gmail IMAP/SMTP access. This works far better than password-based access which I suspect is eventually going to be dropped completely by Google. I had (and still have) some reservations about OAuth2 support which I outlined in [this blog post](https://blog.freron.com/2015/is-oauth2-support-a-good-thing/). I expressed that I worried that Google would some day use OAuth2 to “hit the kill switch” on MailMate...
>>
>> ...and recently I was told by Google that I needed to start a verification process for MailMate. I've done that and if I understand correctly I have until the end of 2019 to complete this process.
>>
>> Now, the problem is that I'm not really sure I can (or is willing to) complete the verification process at all. It *might* include a security audit with a price tag between $15000 and $75000+ (I'm clearly in the wrong business). There seems to be exemptions for desktop email applications and I've asked Google to clarify this, but I also feel that I'm obligated to tell my users that I think it's a potential risk that MailMate cannot support Gmail starting January 1st, 2020. As soon as I fully understand what's going to happen, I'll make sure to clearly state it wherever it's relevant on the homepage and in the documentation.
>>
>> Here's a [link to the Google FAQ](https://support.google.com/cloud/answer/9110914) on the subject if anyone is interested.
>
> _______________________________________________
> mailmate mailing list
> mailmate at lists.freron.com
> https://lists.freron.com/listinfo/mailmate
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freron.com/pipermail/mailmate/attachments/20190531/f9fd2b21/attachment.sig>
More information about the mailmate
mailing list