On Thu, Dec 18, 2014 at 01:30:23PM +0000, Stuart Henderson wrote: > On 2014/12/18 12:38, Christian Weisgerber wrote: > > On 2014-12-17, Stuart Henderson <st...@openbsd.org> wrote: > > > > > claws-mail uses encrypt() for password obfuscation in the saved config > > > file (.claws-mail/accountrc), which was removed from libc. > > > > > > So an alternative diff below. It isn't particularly nice but does > > > unbreak the port... Does anyone have a better idea? > > > > Doesn't changing the obfuscation, including removing it, mean that > > a user's saved passwords are now lost? > > Yes.
This could be very problematical since Claws doesn't offer the user a way to view the password they saved and there is no warning when you type one in that it's a one-way deal. I know of at least one person who didn't save his email account passwords elsewhere, figuring Claws would surely allow him to view/edit them later. He had to patch the code to spit out all the decrypted passwords <big stupid grin> > I suppose the other option would be to add the removed DES code as a > patch in the port.. I see no valid reason for encrypting them in the first place and would be happy for this feature to go away transparently. But if you fixup accountrc that would break Claws on other platforms when trying to import an accountrc from OpenBSD with unencrypted passwords. That would be A Bad Thing. /jl -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary / \ http://www.mutt.org attachments / \ Code Blue or Go Home! Encrypted email preferred PGP Key 2048R/DA65BC04
