On 10/14/2010 05:09 AM, Chris Evans wrote:
> In this instance, the most productive way forward might be to submit a
> patch. I'm sure the developers would be more receptive to an approach
> based on "here's a nice new feature" rather than an approach based on
> "pitchforks recruited from full-disclosure".
Quoting from Ryan's message that started this thread
<http://seclists.org/fulldisclosure/2010/Oct/86>:
There have been quite a few bug and features requests filed, and
they all get closed or rejected within a week or so. I also posted
something in the developer forum inquiring about this, and received
this response:
"I do not see any harm in storing credentials as long as the rest of
your system is properly secure as it should be."
It would appear that your certainty that "the developers would be more
receptive..." to a patch is misplaced.
jik
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/