* Bremner and dkg are co-hosting a BoF at [debconf](https://summit.debconf.org/debconf15/meeting/217/improving-privacy-and-security-for-notmuch-mail/).
-* The meeting is Monday 2015-08-17, 1700-1800
+* The meeting is Monday 2015-08-17, 1700-1800 CET
* Video streaming should be [available](https://wiki.debconf.org/wiki/DebConf15/Videostream/Amsterdam)
Moving parts for secure e-mail
------------
-* libnotmuch
-* /usr/bin/notmuch
-* notmuch-emacs
-* libgmime
-* GnuPG
-* xapian
-* mml-mode (emacs)
+* libxapian (C++, full text search)
+* libgmime (C, glib, RFC822+MIME library)
+* libnotmuch (C and C++)
+* /usr/bin/notmuch (C)
+* GnuPG (C)
+* Emacs UI (emacs lisp)
+ * notmuch-emacs
+ * mml-mode
+* Alot / nmbug / nmbug-status (python)
+ * python-bindings
* webmail:
- * noservice
- * notmuch web
+ * noservice (Clojure)
+ * notmuch web (Haskell)
Security concerns
-----------------
* wrong key selection during composition
* reply (message mode defaults)
* inline PGP
+* message-id collisions
* webmail authentication/authorization (muliple users?)
* webmail message escaping (XSS, etc)
* shell injection
* terminal escape sequences
* S/MIME support
+* reproducible builds:
+ [sphinx man pages](https://reproducible.debian.net/rb-pkg/testing/amd64/notmuch.html)
### usability as security?
projects / notmuch-wiki / blobdiff