Subject: Re: pine/alpine - add .pinepwd support?
To: Todd Vierling <firstname.lastname@example.org>
From: David Brownlee <abs@NetBSD.org>
Date: 10/09/2007 18:40:23
On Tue, 9 Oct 2007, Todd Vierling wrote:
> [I'm mostly inactive these days so I'm not on this list at the moment;
> please Cc: me on replies.]
> Would anyone be offended if I added the necessary small compile bits
> to add support for PASSFILE ($HOME/.pinepwd) to pine and alpine by
> default after the freeze is over? I've seen this enabled in binary
> builds elsewhere, and the code in question is not actually *used*
> unless the .pinepwd file is created and chmod'd by hand.
> UW's Pine docs have a big blob of warnings surrounding the PASSFILE
> feature because of the usual "best practice"
> 0h-n0e-the-password-is-on-a-disk-and-readable schpiel. I find that
> quite misleading, because the whole point of PASSFILE is to save a
> password used to access a remote mailstore. (Contrast that with mail
> being stored on the local disk, which has exactly the same risk of
> data theft, yet seems to be perfectly fine in their minds. Also note
> that PC-Pine has PASSFILE enabled by default anyway.)
> Plenty of multiuser systems have Pine deployed with this feature
> enabled, so I don't see much of a problem with enabling the code by
> default for binary builds. Like any other Unixy tool, you're allowed
> the rope, but it's up to you whether you hang yourself with it.
Please go ahead. If you are feeling enthused you could add it
as to option.mk, defaulting to on.
David/absolute -- www.NetBSD.org: No hype required --