Hi Johannes, thanks for your kind words and for the feedback about missing features -- it's important to know what other people could use.
> -Missing ability to manage multiple IMAP accounts I personally do not need this feature, but acknowledge that plenty of people really need it. It's on a TODO list, but with a pretty low priority, simply because I find it more fulfilling to work on features that I use. It will definitely come in future, though. If you'd like to track development on this one, just add yourself to the watch list at https://projects.flaska.net/issues/90 . > -Secure password management (in connection with multiple accounts entering it > every time can be quite cumbersome) The thing (with most authentication methods) is that you really have to know the plaintext password in order to log in. Therefore you can do one of these things: - Just ask for it once per session. This is trivial, but inconvenient, and also the default behavior of Trojita. - Store it unencrypted on disk. This is insecure, but Trojita can do that now. - Have a hardcoded key in the application binary to use for encrypting password on disk. The improvement this provides over the previous one is minimal, in my opinion -- anyone with access to the encrypted password and the application can decrypt it. - Have a "master password" for multiple accounts. That'd be an improvement when multiple accounts are here. - Use the system's "wallet", if available. That'd be nice, patches are welcome. - Use another authentication scheme. Trojita can do that with SSH, where you setup your SSH keys, so that you can run IMAP over SSH. Trojita can do that now, and that's what I use most of the time. Except that it's useless for most people, as they probably cannot setup key authentication for SSH, or don't have SSH access to their IMAP server. It's a niche feature. - Have a security token (like a smartcard) of some kind. Requires massive support on both client and server side, and Trojita can't do that now. Again, patches welcome, QCA could be probably used for this one. I guess that the perfect solution would be to have Trojita talk to your OS' (or the desktop environment's) secret store. Or do you have something better in mind? Cheers, Jan -- Trojita, a fast e-mail client -- http://trojita.flaska.net/
signature.asc
Description: OpenPGP digital signature
