Bug#603450: Is 603450 realy release critical?
On Wed, Dec 08, 2010 at 08:45:30AM +0100, Alexander Reichle-Schmehl wrote:
> #603450 is a bug (currently with severity grave, Justification: user
> security hole), as offlineimap does no ssl certificate checking.
Could you explain why it should be acceptable to announce secure
operation but ignore the very basic principles of it? #564690 is an old
example of the same problem.
> There's patch floating arround, which has a major regression: It doesn't
> work for users of self signed certificates.
>From what I've seen in the bug, even you should be able to fix that.
... bacteriological warfare ... hard to believe we were once foolish
enough to play around with that.
-- McCoy, "The Omega Glory", stardate unknown