Hello Julien, If my message has been FUD, I'm really sorry for that. However I believe that there are a few things we should be talked about (calmly).
> 1. is bullshit, I agree that one can argue about that point. It is certainly necessary for some users to configure mt-daapd remotely. However, can you please explain me, why this is enabled by default? CUPS is also reachable from localhost only, in it's default setting, but I'd bet that one can configure this. > 2. is debatable, but really not a big deal either, it's a matter of > policy, As you said, it's a matter of policy. However, predictable passwords are never good, are they? > 3. is wrong, plain and simple, You are right. This has been fixed completely. No further discussion needed. > 4. is wrong on the permissions, correct on the plaintext password. You are right. But I still think that a hashed pw would be _better_. It _might_ be even better to take the root pw like CUPS does. I wanted to thank you for your immediate response. I hope we will find a good solution together, but even if we don't we have at least discussed the problem which is always better than not discussing it. Best regards Alexander Kurtz
signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil
