[digiKam-users] Security ?
Randy Wolf
randy.wolf at gmail.com
Thu Mar 2 13:19:34 GMT 2023
The real issue is... why does the system even have access to plaintext
passwords? generating such a report should be impossible.
reported to mailman at kde.org
On Thu, Mar 2, 2023 at 7:00 AM <digikam-users-request at kde.org> wrote:
> Send Digikam-users mailing list submissions to
> digikam-users at kde.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://mail.kde.org/mailman/listinfo/digikam-users
> or, via email, send a message with subject or body 'help' to
> digikam-users-request at kde.org
>
> You can reach the person managing the list at
> digikam-users-owner at kde.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Digikam-users digest..."
>
>
> Today's Topics:
>
> 1. Re: Security ? (Gilles Caulier)
> 2. Re: Re-written digiKam Online User Manual is Complete...
> (Gilles Caulier)
> 3. Re: Security ? (Maik Qualmann)
> 4. Re: Security ? (Brian Morrison)
> 5. Re: Security ? (Remco Viëtor)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 2 Mar 2023 07:26:11 +0100
> From: Gilles Caulier <caulier.gilles at gmail.com>
> To: "digikam-users at kde.org" <digikam-users at kde.org>
> Subject: Re: [digiKam-users] Security ?
> Message-ID:
> <CAHFG6sF9swj9SJazgsYHKR7vCeGg=
> MsH_VUVVVZufOWm9rJsMQ at mail.gmail.com>
> Content-Type: text/plain; charset="UTF-8"
>
> Hi,
>
> The mail server hosted in KDE infrastructure have been upgraded few
> weeks ago by KDE admin. It sound like a configuration problem or
> something like that. I recommend to report this problem to the KDE
> admin team.
>
> Note : we are (digiKam team) not responsible of mail server
> administration. The project use as well the infrastructure
> functionalities.
>
> Best regards
>
> Gilles Caulier
>
> Le jeu. 2 mars 2023 à 06:28, Herman Callens
> <herman.callens at outlook.be> a écrit :
> >
> > I got this mail today (see below signature) to remind me about my
> mailing list membership.
> >
> >
> >
> > I am very worried about the fact that my password is included in this
> mail. This means that there is a real technological and organisational
> security-problem in you mailing-system en organisation.
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > Herman Callens
> >
> > Welvaartstraat 77
> >
> > 2530 Boechout
> >
> >
> >
> > M. herman.callens at outlook.be
> >
> > G. +32 (0)478 99 99 92
> >
> >
> >
> >
> >
> > This is a reminder, sent out once a month, about your kde.org mailing
> list memberships. It includes your subscription info and how to use it to
> change it or unsubscribe from a list.
> >
> >
> >
> > You can visit the URLs to change your membership status or
> configuration, including unsubscribing, setting digest-style delivery or
> disabling delivery altogether (e.g., for a vacation), and so on.
> >
> >
> >
> > In addition to the URL interfaces, you can also use email to make such
> changes. For more info, send a message to the '-request' address of the
> list (for example, mailman-request at kde.org) containing just the word
> 'help' in the message body, and an email message will be sent to you with
> instructions.
> >
> >
> >
> > If you have questions, problems, comments, etc, send them to
> mailman-owner at kde.org. Thanks!
> >
> >
> >
> > Passwords for callens.herman at telenet.be:
> >
> >
> >
> > List Password // URL
> >
> > ---- --------
> >
> > digikam-users at kde.org xxxxxxxxxxxxxxxxxx
> >
> >
> https://mail.kde.org/mailman/options/digikam-users/callens.herman%40telenet.be
> >
> >
>
>
> ------------------------------
>
> Message: 2
> Date: Thu, 2 Mar 2023 07:32:44 +0100
> From: Gilles Caulier <caulier.gilles at gmail.com>
> To: digiKam - Home Manage your photographs as a professional with the
> power of open source <digikam-users at kde.org>
> Subject: Re: [digiKam-users] Re-written digiKam Online User Manual is
> Complete...
> Message-ID:
> <
> CAHFG6sFcvxLdAGb+DthEH3o_0QJ0CTnwE1rFufiQtjkQVPm0gw at mail.gmail.com>
> Content-Type: text/plain; charset="UTF-8"
>
> Hi all,
>
> In fact, the French internationalization of the online documentation
> does not contain yet any translations. Sounds like nobody works on it,
> even if files are prepared and ready to be translated.
>
> Look the translation stats by team in this page :
>
> https://l10n.kde.org/stats/gui/trunk-kf5/package/digikam-doc/
>
> In other words, if you want to contribute to digiKam without having to
> code anything, it's time to help with translation from English to your
> native language. All is explained in this README file :
>
> https://invent.kde.org/documentation/digikam-doc/-/blob/master/README.md
>
> ... see ""Translations" section for details.
>
> Best regards
>
> Gilles Caulier
>
> Le mar. 28 févr. 2023 à 16:20, Gilles Caulier
> <caulier.gilles at gmail.com> a écrit :
> >
> > The French translation is so far not yet competed. Untranslated strings
> still in English…
> >
> > Gilles
> >
> > Le mar. 28 févr. 2023 à 15:54, Jean-Pierre Boucher <
> jp.boucher1 at gmail.com> a écrit :
> >>
> >> Hello Gilles,
> >> this is great news, I am pleasantly surprised by this great success.
> There are certainly still a few fine-tunings, but compared to the whole
> process, it's really nothing. In fact I just tried to switch to the French
> version but it doesn't seem to work (I'm staying in the English version) on
> the other hand the Italian, Spanish and Portuguese versions seem to
> work...I guess it's normal you have to move forward on all sides, I see
> that everything is moving at high speed. Congratulations to you and to all
> the teams who contributed to all this. This will be a big plus point for
> digiKam. Congratulations Jean-Pierre
> >>
> >> Le lun. 27 févr. 2023 à 16:47, Gilles Caulier <caulier.gilles at gmail.com>
> a écrit :
> >>>
> >>> Hi all,
> >>>
> >>> After 3 long months of re-writing, the online digiKam manual is ready
> >>> to use for all users... It's also available as an e-pub and translated
> >>> in different languages. Plenty of missing sections have been added
> >>> compared to the original handbook.
> >>>
> >>> https://docs.digikam.org/en/
> >>>
> >>> Have fun reading this manual.
> >>>
> >>> Best regards
> >>>
> >>> Gilles Caulier
> >
> > --
> > Send with Gmail Mobile
>
>
> ------------------------------
>
> Message: 3
> Date: Thu, 02 Mar 2023 12:39:15 +0100
> From: Maik Qualmann <metzpinguin at gmail.com>
> To: digikam-users at kde.org
> Subject: Re: [digiKam-users] Security ?
> Message-ID: <2669966.mvXUDI8C0e at linux-tpgn>
> Content-Type: text/plain; charset="iso-8859-1"
>
> @Gilles, don't you get this mail? It's a reminder email, I've been getting
> it
> every month for many years. Possibly configurable in the mail interface?
> I'll
> take a look tonight. But I also think that it is not a security problem,
> since
> more than logging in/out of the mail system is not possible.
>
> Maik
>
> Am Donnerstag, 2. März 2023, 07:26:11 CET schrieb Gilles Caulier:
> > Hi,
> >
> > The mail server hosted in KDE infrastructure have been upgraded few
> > weeks ago by KDE admin. It sound like a configuration problem or
> > something like that. I recommend to report this problem to the KDE
> > admin team.
> >
> > Note : we are (digiKam team) not responsible of mail server
> > administration. The project use as well the infrastructure
> > functionalities.
> >
> > Best regards
> >
> > Gilles Caulier
> >
> > Le jeu. 2 mars 2023 à 06:28, Herman Callens
> >
> > <herman.callens at outlook.be> a écrit :
> > > I got this mail today (see below signature) to remind me about my
> mailing
> > > list membership.
> > >
> > >
> > >
> > > I am very worried about the fact that my password is included in this
> > > mail. This means that there is a real technological and organisational
> > > security-problem in you mailing-system en organisation.
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > Herman Callens
> > >
> > > Welvaartstraat 77
> > >
> > > 2530 Boechout
> > >
> > >
> > >
> > > M. herman.callens at outlook.be
> > >
> > > G. +32 (0)478 99 99 92
> > >
> > >
> > >
> > >
> > >
> > > This is a reminder, sent out once a month, about your kde.org mailing
> list
> > > memberships. It includes your subscription info and how to use it to
> > > change it or unsubscribe from a list.
> > >
> > >
> > >
> > > You can visit the URLs to change your membership status or
> configuration,
> > > including unsubscribing, setting digest-style delivery or disabling
> > > delivery altogether (e.g., for a vacation), and so on.
> > >
> > >
> > >
> > > In addition to the URL interfaces, you can also use email to make such
> > > changes. For more info, send a message to the '-request' address of
> the
> > > list (for example, mailman-request at kde.org) containing just the word
> > > 'help' in the message body, and an email message will be sent to you
> with
> > > instructions.
> > >
> > >
> > >
> > > If you have questions, problems, comments, etc, send them to
> > > mailman-owner at kde.org. Thanks!
> > >
> > >
> > >
> > > Passwords for callens.herman at telenet.be:
> > >
> > >
> > >
> > > List Password // URL
> > >
> > > ---- --------
> > >
> > > digikam-users at kde.org xxxxxxxxxxxxxxxxxx
> > >
> > >
> https://mail.kde.org/mailman/options/digikam-users/callens.herman%40telene
> > > t.be
>
>
>
>
>
>
> ------------------------------
>
> Message: 4
> Date: Thu, 2 Mar 2023 11:44:11 +0000
> From: Brian Morrison <bdm at fenrir.org.uk>
> To: digikam-users at kde.org
> Subject: Re: [digiKam-users] Security ?
> Message-ID: <20230302114411.7e2edb49 at deangelis.fenrir.org.uk>
> Content-Type: text/plain; charset=US-ASCII
>
> On Thu, 02 Mar 2023 12:39:15 +0100
> Maik Qualmann <metzpinguin at gmail.com> wrote:
>
> > But I also think that it is not a security problem
>
> People do re-use passwords, that can open up potential attacks on other
> accounts linked by email address.
>
> --
>
> Brian Morrison
>
> "I am not young enough to know everything"
> Oscar Wilde
>
>
> ------------------------------
>
> Message: 5
> Date: Thu, 02 Mar 2023 12:46:29 +0100
> From: Remco Viëtor <remco.vietor at wanadoo.fr>
> To: digikam-users at kde.org
> Subject: Re: [digiKam-users] Security ?
> Message-ID: <3547026.R56niFO833 at manticore>
> Content-Type: text/plain; charset="UTF-8"
>
> On jeudi 2 mars 2023 12:39:15 CET Maik Qualmann wrote:
> > @Gilles, don't you get this mail? It's a reminder email, I've been
> getting
> > it every month for many years. Possibly configurable in the mail
> interface?
> > I'll take a look tonight. But I also think that it is not a security
> > problem, since more than logging in/out of the mail system is not
> possible.
> >
> > Maik
> >
> > Am Donnerstag, 2. März 2023, 07:26:11 CET schrieb Gilles Caulier:
> > > Hi,
> > >
> > > The mail server hosted in KDE infrastructure have been upgraded few
> > > weeks ago by KDE admin. It sound like a configuration problem or
> > > something like that. I recommend to report this problem to the KDE
> > > admin team.
> > >
> > > Note : we are (digiKam team) not responsible of mail server
> > > administration. The project use as well the infrastructure
> > > functionalities.
> > >
> > > Best regards
> > >
> > > Gilles Caulier
> > >
> > > Le jeu. 2 mars 2023 à 06:28, Herman Callens
> > >
> > > <herman.callens at outlook.be> a écrit :
> > > > I got this mail today (see below signature) to remind me about my
> > > > mailing
> > > > list membership.
> > > >
> > > >
> > > >
> > > > I am very worried about the fact that my password is included in this
> > > > mail. This means that there is a real technological and
> organisational
> > > > security-problem in you mailing-system en organisation.
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > Herman Callens
> > > >
> > > > Welvaartstraat 77
> > > >
> > > > 2530 Boechout
> > > >
> > > >
> > > >
> > > > M. herman.callens at outlook.be
> > > >
> > > > G. +32 (0)478 99 99 92
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > This is a reminder, sent out once a month, about your kde.org
> mailing
> > > > list
> > > > memberships. It includes your subscription info and how to use it to
> > > > change it or unsubscribe from a list.
> > > >
> > > >
> > > >
> > > > You can visit the URLs to change your membership status or
> > > > configuration,
> > > > including unsubscribing, setting digest-style delivery or disabling
> > > > delivery altogether (e.g., for a vacation), and so on.
> > > >
> > > >
> > > >
> > > > In addition to the URL interfaces, you can also use email to make
> such
> > > > changes. For more info, send a message to the '-request' address of
> the
> > > > list (for example, mailman-request at kde.org) containing just the word
> > > > 'help' in the message body, and an email message will be sent to you
> > > > with
> > > > instructions.
> > > >
> > > >
> > > >
> > > > If you have questions, problems, comments, etc, send them to
> > > > mailman-owner at kde.org. Thanks!
> > > >
> > > >
> > > >
> > > > Passwords for callens.herman at telenet.be:
> > > >
> > > >
> > > >
> > > > List Password // URL
> > > >
> > > > ---- --------
> > > >
> > > > digikam-users at kde.org xxxxxxxxxxxxxxxxxx
> > > >
> > > >
> https://mail.kde.org/mailman/options/digikam-users/callens.herman%40tele
> > > > ne
> > > > t.be
> Also, I can't remember defining a password for web access, as I never
> connected to that site... Registering for the mailing list was done
> through
> email.
>
> So, how can you make sure that someone connecting to the website has
> access to
> the email address, other than sending them the password by email?
>
> Remco
>
>
>
>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> Digikam-users mailing list
> Digikam-users at kde.org
> https://mail.kde.org/mailman/listinfo/digikam-users
>
>
> ------------------------------
>
> End of Digikam-users Digest, Vol 214, Issue 5
> *********************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/digikam-users/attachments/20230302/a23cf4fc/attachment-0001.htm>
More information about the Digikam-users
mailing list