Package: feed2imap Version: 0.4-4 Severity: wishlist Tags: security feed2imap requires users to include passwords in their ~/.feed2imaprc files, thereby increasing the number of files that need restrictive read permissions and making it hard for users to easily share setup experiences.
It would be much better if username and password were read from a separate, secured file - preferably using one of the existing files, such as ~/.netrc (used by FTP clients) or ~/.authinfo (used by Gnus, don't know about others). Users know to keep the contents of these files private, and it's clear that they are authentication stores - the auth info is not buried amongst lots of other config. This would also have the nice side effect of making password changes less painful, by reducing the number of stored password files to edit with the new password. -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (990, 'testing'), (300, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.12 Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1) Versions of packages feed2imap depends on: ii librmail-ruby1.8 0.15-1 lightweight mail library for Ruby ii ruby 1.8.2-1 An interpreter of object-oriented ii ruby1.8 1.8.2-9 Interpreter of object-oriented scr Versions of packages feed2imap recommends: ii libopenssl-ruby1.8 1.8.2-9 OpenSSL interface for Ruby 1.8 -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
