Doki Pen wrote:
> I was trying to sort out sid, authenticated for the announcerplugin and
> discovered that a user's unique id is actually a composite of these two
> fields.  Yet there are some places where only one of these fields is
> used. [...]

Interesting. Taking over maintenance of AccountManagerPlugin, I started
thinking over security-related scenarios too.

Wouldn't it be good to have a private forum or regular meetings on
a private channel like #trac-security (just a guess) for this? I know,
this is the highly disputed full vs. responsible disclosure thing.

You may have a look at another related idea, that may become true sooner
or later: http://trac.edgewall.org/wiki/TracDev/TrustedTrac
I'll work towards it with maintenance of AccountManagerPlugin as well as
with my contributions to AnnouncerPlugin, since this will even close a
number of existing tickets.

Confident to get a grip on this

Steffen Hoffmann