On 2014/12/18 13:40, John Long wrote:
> On Thu, Dec 18, 2014 at 01:30:23PM +0000, Stuart Henderson wrote:
> > On 2014/12/18 12:38, Christian Weisgerber wrote:
> > > On 2014-12-17, Stuart Henderson <st...@openbsd.org> wrote:
> > > 
> > > > claws-mail uses encrypt() for password obfuscation in the saved config
> > > > file (.claws-mail/accountrc), which was removed from libc.
> > > >
> > > > So an alternative diff below. It isn't particularly nice but does
> > > > unbreak the port... Does anyone have a better idea?
> > > 
> > > Doesn't changing the obfuscation, including removing it, mean that
> > > a user's saved passwords are now lost?
> > 
> > Yes.
> 
> This could be very problematical since Claws doesn't offer the user a way to
> view the password they saved and there is no warning when you type one in
> that it's a one-way deal. I know of at least one person who didn't save his
> email account passwords elsewhere, figuring Claws would surely allow him to
> view/edit them later. He had to patch the code to spit out all the decrypted
> passwords <big stupid grin>

https://github.com/b4n/clawsmail-password-decrypter

> > I suppose the other option would be to add the removed DES code as a
> > patch in the port..
> 
> I see no valid reason for encrypting them in the first place and would be
> happy for this feature to go away transparently. But if you fixup
> accountrc that would break Claws on other platforms when trying to import an
> accountrc from OpenBSD with unencrypted passwords. That would be A Bad Thing.

That's already the case with FreeBSD.
