Broken kio_smtp
Aaron J. Seigo
aseigo at olympusproject.org
Fri Apr 11 23:39:53 BST 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Friday 11 April 2003 05:50, Marc Mutz wrote:
> On Friday 11 April 2003 11:46, Waldo Bastian wrote:
> <snip>
>
> > I fail to see why this is an improvement. If the mail-server doesn't
> > care about the password, why should the user care about it? It's not
> > that the mail-server itself is authenticated in any way, is it?
>
> <snip>
>
> The case in question is the one where the slave is _explicitely_ asked
> to use a specific authentication mechanism. If the server doesn't
> support that, the slave should report it, not silently bypass the
> authentication step. It's just good engineering practice. Not exactly a
> security issue, but not very nice either.
so now instead of simply doing what it should do all on its own (skip
authentication) the user must go into the settings and do this? if so that's
not an improvement, it's a regression as far as usability goes.
popping up a warning that says that the server does not support authentication
and that it has been disabled would be an improvement, but not simply
refusing to go any further just to force the user to do extra work.
kmail, or whatever app is running the slave, should probably disable that
setting in its own account information so it doesn't try again and again to
authenticate ...
> As you can see, people already fell prey to it.
what harm, exactly, did it do? i can see the harm the new approach does: it
makes people think something is broken with the code!
- --
Aaron J. Seigo
GPG Fingerprint: 8B8B 2209 0C6F 7C47 B1EA EE75 D6B7 2EB1 A7F1 DB43
KDE: The 'K' is for 'kick ass'
http://www.kde.org http://promo.kde.org/3.1/feature_guide.php
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+l0RC1rcusafx20MRAre7AJ9puMcPD1DkHQDMW7hT3lbUjTV+PgCfZlyM
CjV6yLKN3aNU2Whfv9qzW30=
=B2U2
-----END PGP SIGNATURE-----
More information about the kde-core-devel
mailing list