Re: Bug#466669: ITP: squirrelmail-gpg -- GnuPG plugin for SquirrelMail

[Don Armstrong <don@debian.org>]

On Wed, 20 Feb 2008, Jan Hauke Rahm wrote:
> On Wed, Feb 20, 2008 at 01:56:05AM -0800, Don Armstrong wrote:
> > Otherwise it's pretty much insta-buggy by design.
> 
> Kind of, yes...

I think the other features are worthwhile enough to work around this,
so I'd strongly suggest that this package have the key-uploading and
other secret-key requiring bits disabled by default, with strong
warnings about the security issues with uploading keys (and how they
should be marked as untrusted keys before uploading) in whatever
configuration file is used to actually enable them, as well as
end-user documentation. [It may already do that; I've never used this
plugin.]


Don Armstrong

-- 
If a nation values anything more than freedom, it will lose its
freedom; and the irony of it is that if it is comfort or money it
values more, it will lose that, too.
 -- W. Somerset Maugham

http://www.donarmstrong.com              http://rzlab.ucr.edu