While this is true and I certainly see your point, the fact remains that things broke severely when I upgraded. I did not receive any information about what was going on, and when I tried dpkg-reconfigure I still wasn't warned that this was going to happen.
And this is what makes this Release Critical. I totally buy your explanation about the unofficial status of /etc/c-client.cf, but I should be warned about it when I install the package, or do a dpkg-reconfigure, perhaps in the form of a notice telling me that there is important information to read if I'm upgrading and/or want to allow non-encrypted plaintext logins.
Is this possible? Why or why not?
/Martin
On Sun, 15 May 2005, Jonas Smedegaard wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 15-05-2005 11:06, Martin Domeij wrote:
From what I can see the bug 296904 (non-encrypted plaintext passwords) is not considered Release Critical. I think that this will break things severely for many people and that it therefore should be Release Critical and fixed as soon as possible. I think that there should be a question during install to allow non-encrypted plaintext passwords. Do you agree and is this possible?
I disagree.
Messing with /etc/c-client.cf is considered unofficial by upstream, so won't be supported as more than that by me either.
If you feel that this makes this software unsuited for your use, then please look for alternatives.
For IMAP and POP3 daemon I strongly recommend using dovecot.
Unfortunately there is no alternative than libc-client as library behind PHP :-(
And I believe the argument that shadow passwords should make the IETF recommandations fulfilled is wrong: Shadow passwords has nothing to do with sending passwords unencrypted on the wire.
Regards,
- Jonas
- -- * Jonas Smedegaard - idealist og Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/
- Enden er n�r: http://www.shibumi.org/eoti.htm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFChxtBn7DbMsAkQLgRAmGFAJ9KxZSxnEt14tBbzlypkiTFXEe4vwCeKIAo VRYalNUnMc1h66LP4Cv3/OM= =c2Q2 -----END PGP SIGNATURE-----
