I wasn't aware of Balsa or Geary, but it's interesting to note that the author has mentioned that they are affected by GNOME's culture. I also have found the GNOME devs to have issues with admitting any fault at all, security or otherwise, but I wasn't aware of them being linked to any email clients other than Evolution - which I have been using.
What's a good app for Exchange on Linux? I could use the web app, which my company has available, but I do appreciate having a dedicated email client sometimes, particularly for OS notifications (which will work without having the browser open).
Not defending the GNOME devs as being perfect, but I'd suggest reading this from the start: https://gitlab.gnome.org/GNOME/evolution/-/issues/3095 and then deciding if the author is really being affected by a "toxic development culture" at GNOME.
Reading the thread, I don't see how that's much of a defense.
A GNOME foundation member going through the thread to decorate the reporter's posts with clown emoji reactions is not great.
It seems reasonable to say "even if this is caused by one your library dependencies, users are using your application and you should try to find a mitigation."
If you get in a wreck because your brakes fail, imagine the car manufacturer saying "oh that's not a problem with the car, it's a problem with the brakes. Talk to the brake manufacturer."
"No warranty express or implied" and all that, but still.
Yeah ultimately the user doesn't install the dependencies, they install Evolution. So if there's a security issue, that's where they'll see it. There are also potential mitigation for this, for instance scrubbing the HTML (which it seems Geary actually does, just not for this).
No one here comes out looking particularly good, but at the end of the day the issue is still unpatched and OP is doing a good thing spreading that information.
Honestly, I think the GNOME devs in that thread were really patient with a bug filer who kept escalating and inserting little taunting quips, and ultimately was barking up the wrong tree (project). He could have easily just accepted that the bug was in a different project, and go press that team instead. You're not going to get anywhere with such an argumentative tone.
We’ll have to agree to disagree about that. The clown-emoji guy is out of line (at least, I wouldn’t respond to a user that way,) but the reporter:
* opens up his bug report passive-aggressively complaining about not getting a response to his emailed report, which he sent to a completely unrelated domain
* immediately fished for a bug bounty payout
* submitted his report against a 2.5 year old release, wasting maintainer time and then pushes back that because it came with his preferred distribution[0] that made it the Evolution maintainer’s problem.
* when the maintainers pointed out this was a dependency problem, accuses them of “buck passing” and demands they warn users of specific distributions about the problem he reported, which is, of course, completely impractical for them to do.
* does not engage at all with the Webkit developer who is trying to explain what the problem is and why fixing in Webkit is the right thing.
* demands one of a selected list of fixes from the maintainers. Note: if his suggested fixes are so simple, a PR at this point implementing one of them would have probably been more productive than what he did post:
I understand that this is completely out of your power to do anything about, and that it is also completely out of your power to put a notice in the UI about the functionality not working for privacy purposes. Please add clown and face-palm emojis to this comment as per my other comments, to indicate you have read it.
He didn’t do himself any favors and, IMO, doesn’t have much of a leg to stand on to complain about the tone of the response he got. He got back what he put out.
0 - a distribution, by the way, that is notorious for distributing hacked up out of date software. See: the OpenSSH key saga as well as projects like XScreensaver that have Debian-specific FAQ entries telling their users how to get reasonably up to date software (https://www.jwz.org/xscreensaver/faq.html#upgrade)
A few years ago while working at a company that required Exchange, I was using Thunderbird with an addon called Owl. It was a paid addon, I think in the neighborhood of $10 to $20, and very much worth it. Full calendar integration and everything. Outlook users would be interested in my setup.
You are looking for a minority of a minority of a minority - People using Linux, people using an email client, people using Linux that want all the MS Exchange features.
Tons of "general" email clients out there, sure, but you're talking about a largely proprietary system.
Have to disagree, having worked at multiple companies using Exchange for their email servers but with Linux workstations. It's not so uncommon for software devs to request a Linux system, depending on the field. I'll agree that it's less common, but the issue is more the small number of people using Linux rather than Exchange.
I like using edge for that. Desktop notifications works and I can log off from work by closing entire window. When I change company I am getting rid of profile.
What's a good app for Exchange on Linux? I could use the web app, which my company has available, but I do appreciate having a dedicated email client sometimes, particularly for OS notifications (which will work without having the browser open).