1
0
mirror of https://github.com/moparisthebest/mail synced 2024-11-15 21:55:04 -05:00
mail/README.md

74 lines
4.4 KiB
Markdown
Raw Normal View History

mail-html5 [![Build Status](https://travis-ci.org/whiteout-io/mail-html5.png)](https://travis-ci.org/whiteout-io/mail-html5)
2013-03-13 11:50:46 -04:00
==========
2014-01-16 06:03:14 -05:00
Whiteout Mail is an easy to use email client with integrated OpenPGP encryption written in pure JavaScript. Download the official version under [whiteout.io](http://whiteout.io).
2014-01-16 05:27:48 -05:00
2014-01-18 09:31:26 -05:00
### Features
2014-01-18 09:31:45 -05:00
You can read about product features and our future roadmap in our [FAQ](https://github.com/whiteout-io/mail-html5/wiki/FAQ).
2014-01-18 09:31:26 -05:00
2014-01-16 06:03:14 -05:00
### Privacy and Security
2014-01-16 05:27:48 -05:00
2014-01-18 09:31:26 -05:00
We take the privacy of your data very seriously. Here are some of the technical details:
2014-07-29 06:06:57 -04:00
* Messages are [encrypted end-to-end ](http://en.wikipedia.org/wiki/End-to-end_encryption) using the [OpenPGP](http://en.wikipedia.org/wiki/Pretty_Good_Privacy) standard. This means that only you and the recipient can read your mail. Your messages and private PGP key are stored encrypted on your computer.
* Users have the option to use [encrypted private key sync](https://blog.whiteout.io/2014/07/07/secure-pgp-key-sync-a-proposal/) if they want to use Whiteout on multiple devices.
2014-01-16 06:12:13 -05:00
2014-01-18 09:46:39 -05:00
* Like most native email clients whiteout mail uses raw [TCP sockets](http://developer.chrome.com/apps/socket.html) to communicate directly with your mail server via IMAP/SMTP.
2014-01-16 06:12:13 -05:00
2014-07-28 13:15:36 -04:00
* Mail server [SSL certificates are pinned](http://security.stackexchange.com/questions/29988/what-is-certificate-pinning) in order to protect against SSL certificate forgery and other man in the middle attacks.
2014-01-16 06:12:13 -05:00
2014-01-18 09:46:39 -05:00
* The app is deployed as a [Chrome Packaged App](https://developer.chrome.com/apps/about_apps.html) with [auditable static versions](https://github.com/whiteout-io/mail-html5/releases) in order to prevent [problems with host-based security](http://tonyarcieri.com/whats-wrong-with-webcrypto).
2014-01-16 06:36:23 -05:00
* [Content Security Policy (CSP)](http://www.html5rocks.com/en/tutorials/security/content-security-policy/) is enforced to prevent against injection attacks.
2014-01-16 06:12:13 -05:00
2014-07-28 13:15:36 -04:00
* HTML mails are sanitized with [DOMPurify](https://github.com/cure53/DOMPurify) and are rendered in a sandboxed iframe.
* Displaying mail images is optional and opt-in by default.
2014-01-16 05:38:32 -05:00
### Reporting bugs and feature requests
2014-01-16 06:38:26 -05:00
* We will launch a bug bounty program later on for independant security researchers. If you find any security vulnerabilities, don't hesitate to contact us [security@whiteout.io](mailto:security@whiteout.io).
2014-01-16 06:13:03 -05:00
2014-01-16 05:45:57 -05:00
* You can also just create an [issue](https://github.com/whiteout-io/mail-html5/issues) on GitHub if you're missing a feature or just want to give us feedback. It would be much appreciated!
2014-01-16 05:38:32 -05:00
### Testing
2014-01-15 11:57:18 -05:00
2014-02-13 13:53:20 -05:00
You can download a prebuilt bundle under [releases](https://github.com/whiteout-io/mail-html5/releases) or build your own from source (requires [node.js](http://nodejs.org/download/), [grunt](http://gruntjs.com/getting-started#installing-the-cli) and [sass](http://sass-lang.com/install)):
2013-04-01 17:23:25 -04:00
2014-01-18 09:46:39 -05:00
npm install && npm test
2014-06-05 09:36:53 -04:00
2014-01-18 09:46:39 -05:00
This will download all dependencies, run the tests and build the Chrome Packaged App bundle **DEV.zip** which can be installed under [chrome://extensions](chrome://extensions) in developer mode.
2014-01-16 05:02:52 -05:00
2014-02-18 13:20:44 -05:00
### Development
For development you can start a connect dev server:
grunt dev
2014-06-05 09:36:53 -04:00
Then visit [http://localhost:8580/dist/chrome.html#/desktop](http://localhost:8580/dist/chrome.html#/desktop) for front-end code or [http://localhost:8580/test/unit/](http://localhost:8580/test/unit/) to test JavaScript changes. You can also start a watch task so you don't have rebuild everytime you make a change:
2014-02-18 13:20:44 -05:00
grunt watch
2014-05-23 05:36:12 -04:00
## Releasing
grunt release-test --release=0.0.0.x
grunt release-stable --release=0.x.0
2014-01-15 11:48:15 -05:00
## License
2014-04-15 12:34:05 -04:00
Copyright © 2014, Whiteout Networks GmbH. All rights reserved.
2014-01-16 04:59:41 -05:00
2014-01-16 05:02:52 -05:00
The code is open for inspection and peer review by the security community.
The code is currently not licensed under an open source license. If you're
interested in contributing or getting a license, please get in touch with
2014-01-16 05:04:39 -05:00
us (info@whiteout.io).
2014-01-16 04:59:41 -05:00
2014-01-16 06:40:49 -05:00
### Third party libraries
2014-01-18 09:13:49 -05:00
We work together with existing open source projects wherever possible and contribute any changes we make back upstream. Many of theses libraries are licensed under an open source license. Here are some of them:
2014-01-16 04:59:41 -05:00
* [OpenPGP.js](http://openpgpjs.org) (LGPL license): An implementation of OpenPGP in Javascript
2014-04-24 12:16:40 -04:00
* [email.js](http://emailjs.org) (MIT license): IMAP, SMTP, MIME-building and MIME-parsing engine
* [Forge](https://github.com/digitalbazaar/forge) (BSD license): An implementation of TLS in JavaScript