On Thu, Jul 24, 2008 at 4:14 PM, omni <[EMAIL PROTECTED]> wrote: > Didn't have libssl-dev installed. > > I tried reverting to 4.1 and manually rebuilding with dpkg and libssl- > dev and now 4.1 works perfectly with TLS. > > Now that I have libssl-dev I could try with 5.4 but 4.1 seems to have > everything I need. Have there been any significant security updates > between 4.1 and 5.4 or are all the changes mostly cosmetic?
Security-wise, the most significant feature must be the usage of GNOME Keyring to store passwords. (They used to be stored in plaintext in ~/.gnome2/mail-notification/mailboxes.xml). Of course that particular feature is mentionned in the NEWS file, the paragraph itself is an entertaining read. Allow me to quote Jean-Yves: "Passwords are now encrypted, using GNOME Keyring. Note that I do not endorse the flawed GNOME Keyring approach of granting passwords an encryption-worth status while ignoring other sensitive data. Furthermore, at the time of this writing, GNOME Keyring does not seem to prevent the memory it uses for storing the passwords from being swapped out to disk. However, despite these flaws, it has been observed that GNOME Keyring has beneficial psychological effects on some users. For increased psychological well-being, MN even moves the plain text passwords it finds in mailboxes.xml to the keyring." Food for thoughts. ;-) Cheers, -Pascal -- Homepage (http://organact.mine.nu) Debian GNU/Linux (http://www.debian.org) LACIME: École de technologie supérieure (http://lacime.etsmtl.ca) -- IMAP/POP3+SSL/TLS are disabled https://bugs.launchpad.net/bugs/44335 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
