Hi, On Wed, Oct 15, 2014 at 07:19:17PM +0200, Christoph Anton Mitterer wrote: > On Wed, 2014-10-15 at 23:59 +0900, Osamu Aoki wrote: > > 0010-maildrop-2.3.0-dovecotauth.patch > Wohw.... that's quite quite a tremendous step,... especially since > dovecot is probably *the* IMAP/POP server these days...
Most maildrop users use it as the local delivary agent. (Fetching mail from IMAP is done by getmail etc.). > Has upstream really confirmed it's no longer maintained? Are there any > hints for actually possible security issues (I mean we're not talking > about crypto here)? Some facts: * No explicit security issue has been raised as far as I know. * Upstream of maildrop never integrated this patch. * Upstream of patch is not active. This program handles internet exposed data so is very prone to be exposed to the threat. This is a type of program which requires the highest level of security attention. In retrospective, applying this patch which was not accepted / discussed by the upstream was my bad move. I can not be responsible to keep this going. By the way, you make such a strong statements. Have you used this functionality? > I guess maildrop upstream would refuse to take up the patch since he > live in the courier-only world? I do not know if what you state here is true or not. I just have no idea what upstream thinks. > This is pretty sad... well this an that maildrop doesn't allow to mark > filtered mails as being read.... actually maildrop would be such a nice > program, but these tow deficiencies make it basically useless. If you feel so strong about this, please discuss this with upstream. The patch in Debian source pakcge is rebased to more recent source tree than the on published by the original patch author. If upstream integrate this to the upstream source tree, I will be happy to ship it. (FYI: The upstream integrated 2 patches from Debian recently.) Regards, Osamu -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
