From: "John Stracke" <jstracke(_at_)incentivesystems(_dot_)com>
There exist security problems associated with HTML-enabled mail readers,
and the security of this list (given the MASSIVE number of viri
distributed through it) is sufficiently suspect to disable that in many
systems.
We're not talking about this list, though; we're talking about
ietf-announce, where only the Secretariat can post. Moreover, we're
probably talking about an optional digestified form of ietf-announce;
people who can't trust their MUA don't have to use it.
There would be still absolutely no excuse for HTML. Even if the
ietf-announce traffic were safe, by sending HTML you are strongly
encouraging people to misuse misdesigned browswers as their MUAs and
so causing them to be vulnerable to bad traffic from other sources.
Besides, as has been pointed out, those of us who actually subscribe
to ietf-announce have had not trouble using the URLs that have long
been in almost all of those non-HTML messages, whether we are foolish
enough to use a browser for our MUAs or not.
Yes, I'm wondering how many people complaining about ietf-announce
actually subscribe to it, or would subscribe to it in any case.
Vernoe Schryver vjs(_at_)rhyolite(_dot_)com