Summary: | net-mail/{uw-imap|vimap} ebuild disables part of security with ssl | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Tero Pelander <tpeland> |
Component: | Default Configs | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | net-mail+disabled |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
Whiteboard: | [stable] jaervosz | ||
Package list: | Runtime testing required: | --- | |
Attachments: | "lowsecurity" local flag |
Description
Tero Pelander
2005-03-02 03:30:50 UTC
Created attachment 52443 [details, diff]
"lowsecurity" local flag
net-mail please advise. I'm all for it, with disabling cleartext passwords usage by default. There's already a suitable local USE flag for this - "clearpasswd" - used by two other packages. uw-imap-2004c-r3.ebuild is in CVS portage, with added "clearpasswd" USE flag and an ewarn message for users in pkg_setup(). Thanks for suggesting this, it's a good idea. security@, feel free to close this bug, as it's yours. The clearpasswd notification should only be display if "use ssl" is true. That is the requirement for any sort of secure transport. Otherwise the uw-imap-2004c-r3.ebuild is excellent. Ah, sorry about that omission. Fixed in CVS now. The warning for USE="-ssl -clearpassword" case contains a typo. Current..: Either enable "ssl" USE flag, or disable "clearpasswd" USE flag. Should be: Either enable "ssl" or "clearpasswd" USE flag. Hm, I shouldn't commit after sleep deprivation. Sorry everyone. I guess this one also affects to vimap, doesn't it? Cheers, Ferdy Yup, vimap too. Fixed in 2002c-r3. Arches please test and mark uw-imap-2004c-r3 and vimap-2002c-r3 stable. Both ebuilds stable on x86. Stable on ppc. sparc stable. uw-imap-2004c-r3 stable on amd64, vimap is all ~amd64 and has not yet had much testing. Stable on alpha. Thx everyone. Default Config issue -> closing. hppa please remember to mark stable. Already stable on hppa |