Comment 3 for bug 1750069

Seth Arnold (seth-arnold) wrote :

I will probably finish this MIR in ~two weeks; I thought I'd share the notes I've collected so far in case they are useful to anyone:

Some unclean logs:

update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults
/usr/include/glib-2.0/glib/gmem.h:124:8: warning: mutter_session_proxy may be used uninitialized in this function [-Wmaybe-uninitialized]
src/remotedesktopdialog.c:148:16: warning: device_type_name may be used uninitialized in this function [-Wmaybe-uninitialized]
dh_install: Please use dh_missing --list-missing/--fail-missing instead
E: Lintian run failed (policy violation)
Lintian: fail

And some notes on the code:

- image_button_clicked() does image previews
- compose_mail_thunderbird() and compose_mail_evolution() would probably
  allow attaching arbitrary files via malicious addresses -- are the
  addresses shown specifically to the user to confirm them first? The
  thunderbird variant may also allow the same attack via subject and
  body text.

- supports
  file chooser
  app chooser
  print
  screenshot
  notification
  inhibit
  access
  account
  email
  screen cast
  remote desktop

- launch_preview() appears to use unsafe string-based execution with
  user-supplied content rather than safe array-based execution.

Thanks
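
The string-versus-array distinction raised in the launch_preview() note above, shown as an added example; it is not code from the original comment or from the package under review. The function names are hypothetical, `echo` stands in for the previewer, and the file name is constructed sample input.

```c
/* Added illustration: string-based vs array-based execution of a helper. */
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Run argv[0] with argv; return the number of lines it wrote to stdout, -1 on error. */
static int run_count_lines(char *const argv[]) {
    int fds[2];
    if (pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                      /* child: stdout -> pipe, then exec */
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]); close(fds[1]);
        execvp(argv[0], argv);
        _exit(127);                      /* exec failed */
    }
    close(fds[1]);
    char buf[256]; ssize_t n; int lines = 0;
    while ((n = read(fds[0], buf, sizeof buf)) > 0)
        for (ssize_t i = 0; i < n; i++)
            if (buf[i] == '\n') lines++;
    close(fds[0]);
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) || WEXITSTATUS(status) != 0) return -1;
    return lines;
}

/* String-based: the name is pasted into text that /bin/sh parses again. */
int preview_via_string(const char *viewer, const char *name) {
    char cmd[512];
    int n = snprintf(cmd, sizeof cmd, "%s %s", viewer, name);
    if (n < 0 || (size_t)n >= sizeof cmd) return -1;
    char *const argv[] = { "sh", "-c", cmd, NULL };
    return run_count_lines(argv);
}

/* Array-based: the name is exactly one argv element; no shell interprets it. */
int preview_via_argv(const char *viewer, const char *name) {
    char *const argv[] = { (char *)viewer, (char *)name, NULL };
    return run_count_lines(argv);
}

int main(void) {
    const char *name = "a.png; echo second";   /* constructed sample input */
    printf("string form: %d line(s), array form: %d line(s)\n",
           preview_via_string("echo", name), preview_via_argv("echo", name));
    return 0;
}
```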