Hello,
I finally created an account in pootle using http only (as I
understood, there is no https yet) which was really annoying as of
course the password went in plaintext over the (http) wire. After
creation, I got an *unencrypted* e-mail *including my password*, so
the plaintext password got sent over another "wire" again!
I am really disappointed here - usually Debian takes pride to ensure
proper security and even before working with i18n.debian.net I
encounter two grave security problems which are well known and should
easily be avoided. Or is i18n.debian.net just one of the many projects
where security is bolted on later when something happend or a CVE
number has been assigned?
And just after I finally logged in, I got "greeted" by a completely
empty white page :-((
Disappointed
Helge
--
Dr. Helge Kreutzmann debian@helgefjell.de
Dipl.-Phys. http://www.helgefjell.de/debian.php
64bit GNU powered gpg signed mail preferred
Help keep free software "libre": http://www.ffii.de/
Attachment:
signature.asc
Description: Digital signature