Control: severity -1 important

Hi Sandro,

On Mon, 11 May 2020 at 18:34:06 +0200, Matus UHLAR - fantomas wrote:
> the imap retry patch added within bug 947320 locks my accounts when I enter
> invalid password.

Could you please have a look at this regression report?  You authored
the patch and my PHP-fu is failing me :-P  It should definitely not
retry the very same incorrect credentials.  Even on systems without
anti-bruteforce logic that locks the user out, Roundcube still takes 5
times longer to complain about a failed login — which is not
negligible when an expensive PBKDF is used for credential verification.

I think it's rather unfortunate that 
debian/patches/retry_to_reach_imap_server.patch
was AFAICT never submitted upstream and landed into stable through -p-u.
I dunno whether program/lib/Roundcube/rcube_imap.php:connect() has
access to the IMAP state machine to determine whether a greeting was
seen (AFAICT your intention was to retry on missing greeting lines, not
on NO/BYE greeting conditions let alone failed authentication attempts)
or to another interface returning whether the error is transient or not.
Either way it'd be good to have upstream's blessing before adopting such
patches to Debian :-)

Thanks!
cheers
-- 
Guilhem.
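
Added example, not part of the original message and not Roundcube's or Debian's code: a Python model of the retry policy the message asks for, retrying only when no greeting arrived and never after the server has answered with a BYE greeting or a failed LOGIN. The names classify and connect_with_retry, the retry_on parameter and the server lines are constructed assumptions; passing both outcomes in retry_on reproduces the reported behaviour of resending the same credentials 5 times.

```python
from enum import Enum

class Outcome(Enum):
    OK = "ok"
    TRANSIENT = "transient"   # nothing was decided; a retry may succeed
    PERMANENT = "permanent"   # the server answered; a retry only repeats the failure

def classify(greeting, login_reply):
    """greeting: first server line or None; login_reply: tagged LOGIN reply or None."""
    if not greeting:
        return Outcome.TRANSIENT          # missing greeting: the only retryable case
    if greeting.startswith("* PREAUTH"):
        return Outcome.OK
    if not greeting.startswith("* OK"):
        return Outcome.PERMANENT          # e.g. "* BYE": server refused the session
    if login_reply is None:
        return Outcome.PERMANENT          # credentials may have been checked; do not resend
    status = login_reply.split(" ", 2)[1:2]
    return Outcome.OK if status == ["OK"] else Outcome.PERMANENT

def connect_with_retry(attempt, max_attempts=5, retry_on=(Outcome.TRANSIENT,)):
    """Call attempt(n) up to max_attempts times; return (outcome, tries, logins_sent)."""
    logins_sent = 0
    outcome = Outcome.TRANSIENT
    for tries in range(1, max_attempts + 1):
        greeting, login_reply = attempt(tries)
        logins_sent += login_reply is not None   # count credential submissions
        outcome = classify(greeting, login_reply)
        if outcome not in retry_on:
            break
    return outcome, tries, logins_sent

# Constructed server behaviours (sample lines, not captured traffic).
GREETING = "* OK IMAP4rev1 server ready"
def bad_password(n):
    return GREETING, "A1 NO [AUTHENTICATIONFAILED] Authentication failed."
def flaky_then_ok(n):
    return (None, None) if n < 3 else (GREETING, "A1 OK LOGIN completed")
def refused(n):
    return "* BYE Too many connections", None

if __name__ == "__main__":
    blind = (Outcome.TRANSIENT, Outcome.PERMANENT)   # behaviour reported in the bug
    for name, fn in [("bad password", bad_password), ("flaky", flaky_then_ok), ("BYE", refused)]:
        print(name, connect_with_retry(fn), "blind:", connect_with_retry(fn, retry_on=blind))
```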
