This is a pretty bad habit and is unnecessary, even in debug mode.
This would avoid people getting their credentials being posted on the net when
wanting to help (cf: #198 ). Nor people catching on your screen the password as
you span through your log, or prevent you from storing full imap logs on log
period for whatever rare bug you are chasing... etc ... If there is a need to
show this content for debugging, I guess it should be activated manually by
decommenting a line in the code, to show that you know exactly what you want to
see.
The whole security of a system is lowered to the weakest link. Please don't let
``offlineimap`` be this link here.
I generally assume that logs SHOULD NOT contain plain text passwords.
---
Reply to this email directly or view it on GitHub:
https://github.com/OfflineIMAP/offlineimap/issues/266
_______________________________________________
OfflineIMAP-project mailing list: [email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/offlineimap-project
OfflineIMAP homepages:
- https://github.com/OfflineIMAP
- http://offlineimap.org
