Discourse’s default attachment blacklist includes ‘signature.asc’ files. Why?
- discourse/site_settings.yml at e92f5e4fbf04a88d37dc5069917090abf6c07dec · discourse/discourse · GitHub
It appears that, when attachment blacklists were added to Discourse on 2016-08-03, (commit e92f5e4fbf04a88d37dc5069917090abf6c07dec), the default value for the “attachment_filename_blacklist” variable became “smime.p7s|signature.asc” – or to block S/MIME & GPG cryptographic signature attachment files.
Cryptographic signatures are very small & harmless, yet provide a cryptographic trail for validating the authenticity of a message.
What was the logic in deciding to block them by default?