On 2025-02-12, Steven Varco via dovecot <dovecot@dovecot.org> wrote:
> Dovecot is an international software with many users living outside
> of the EU and are therefore not legislated to those braindead EU
> regulations.

btw, (like some of the USA's tax stuff) the UK and EU GDPR legislations
are extra-territorial. They apply if you provide services to users in
those areas, even if you're not in those areas yourself.

still, from what Rupert posted:

"the client sends the password in plain text (tls tunneled)"

...I find it hard to believe that using a TLS channel wouldn't be
considered good enough for sending login information. Surely a salted
hashed password database (who isn't using that anyway?) with
disable_plaintext_auth would be acceptable.

(If you want to open a can of worms, consider the contents of the emails
themselves, which are often much more sensitive than the passwords...)

