Re: Is 603450 realy release critical?
On Wed, Dec 08, 2010 at 08:45:30AM +0100, Alexander Reichle-Schmehl wrote:
> #603450 is a bug (currently with severity grave, Justification: user
> security hole), as offlineimap does no ssl certificate checking.
Could you explain why it should be acceptable to announce secure
operation but ignore the very basic principles of it? #564690 is an old
example of the same problem.
> There's patch floating arround, which has a major regression: It doesn't
> work for users of self signed certificates.
>From what I've seen in the bug, even you should be able to fix that.
Bastian
--
... bacteriological warfare ... hard to believe we were once foolish
enough to play around with that.
-- McCoy, "The Omega Glory", stardate unknown
Reply to: