On Wed, 14 Feb 2007, Mark Crispin wrote:
> > Maybe the best solution would be for Pine to be compatible with more secure
> > methods for keeping passwords in user accounts (I'm thinking of keyring
> > schemes)
>
> We agree. We already do this for Mac OS X and Windows. We would certainly
> appreciate information on how to do this on Linux.

I keep screaming for deaf ears... PGP - encrypt the darn passfile with PGP!

> Hopefully there is One True Way for keyringing on Linux.

No, neither is there One True Way for Windows or any other operating system I know of.

> Even better would be
> if the Linux guys, BSD guys, SVR4 guys, and the Mac OS X guys could agree upon
> that One True Way (as more or less happened with PAM) for all UNIX-like
> operating systems.

Use PGP - it's wonderful, honest :)

> > but making the option compile-time only, and not even putting it commented
> > out in the relevant header file (at least, last time I checked) looks like
> > peevishness or dogma.
>
> It's neither. The PASSFILE feature was initially Windows-only, and only at a
> user request did we allow the option to compile it into UNIX. We never
> intended that this would be part of the UNIX function set; and we certainly
> would never turn this on on our UNIX systems.

To me this is a "it's just mail for crying out loud" case. As pointed out earlier, if someone grabs that passfile from me, they can enjoy reading through all my mail.. I frankly don't care, it is transported openly over insecure networks in clear text anyways. The password I use to contact IMAP servers is _only_ used for contacting those certain IMAP servers, I cannot use them to log onto any other systems with them.

> > Sounds like you're foolish enough not to have good password discipline,
> > then! Someone who got their hands on my PASSFILE would get access to my mail
> > account, nothing more.
>
> Non sequitur. The PASSFILE only has "mail accounts"; but you are making the
> (unwise) assumption that a "mail account" is never the same as a "shell
> account". Some systems provide the facility of separate passwords for "mail
> accounts" vs. other types of accounts; others do not.

And that's their problem - not mine.

> > Anyway, none of this matters much in the context of packaging for Debian,
> > where a patch is simply applied.
>
> As long as it's documented as being a Debian patch and not in our
> distribution... ;-)

I see a long list of patches needed for alpine as well - I hoped it could be avoided :P

--
kolla

