Hi,

Unhashed passwords for the admin accounts should leave no room for discussion.
I can't seem to understand how a product can be as focussed on security as DTC 
(with sbox and such addons) and then neglect best practices and deem the most 
basic level of security a "wishlist item".

There is no single reason that the admin user accounts should be saved 
unexpectedly. 

(Dealing with mass signups is an issue, but could be dealt with in much saner 
ways than manually comparing passwords)

There are two worrying things in this bug report:
a) DTC has unencrypted admin passwords
b) The issue is still open 4 weeks later because of different opinions (and 
other priorities?)

Thomas, DTC is the most powerful panel around, but this single issue is so 
great that I'd expect to be held liable by the customers in the aftermath of a hack.
This isn't the optional type of security.

Greetings,
Florian

