On Fri, 2 May 2014, Holger Levsen wrote:
Hi,
I've just read this bug report and must say that it's an excellent example how
perfect is the enemy of good.
Lenny has long been released by now and this mail isn't helping, except maybe
to ask: time to reconsider the "wontfix" tag?
God knows I'm not an expert on security matters but I asked DDs who
are and at that time they were pretty insistent that this is not a good
idea. In light of recent events, being able to do IMAP and POP3 over SSL
out of the box would be great but will using the snakeoil certificate
actually be secure or just give the illusion of security? If so, that is
not just not perfect, it is actually bad.
If the consensus has changed I'll reconsider this but I'm not aware that
it has.
--
Jaldhar H. Vyas <jald...@debian.org>
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
