Broken kio_smtp
Aaron J. Seigo
aseigo at olympusproject.org
Sat Apr 12 23:27:19 BST 2003
On Saturday 12 April 2003 03:35, Stephan Kulow wrote:
> On Saturday 12 April 2003 00:39, Aaron J. Seigo wrote:
> > kmail, or whatever app is running the slave, should probably disable that
> > setting in its own account information so it doesn't try again and again
> > to authenticate ...
>
> For that the slave still needs to tell the app instead of simply ignoring
> the fact.
of course... but that isn't what i said, nor is it how it works right now
anyways.
it is fine if the smtp ioslave puts up a warning, but simply stopping when the
solution is obvious and safe (turning off auth for transmission) only makes
things harder for the user. the "Right" thing for software to do is to work,
and the fact that people think that the SMTP slave is suddenly broken due to
this choice in behaviour shows that right now the SMTP slave isn't doing the
"Right" thing...
if this were a security issue (Marc used the term "security fix" to refer to
his work) it would be different.. but i'd like to know what the security
problem was, exactly. were passwords being leaked? no. were servers able to
be used as relays when they shouldn't be? no. was email being delivered as
expected? yes. did it interfere with encryption settings (SSL/TLS) if they
existed? no.
the only security "problem" was that the user wasn't notified that they had
set up SMTP auth, but that the server didn't actually support it. i think
it's great that a warning is now shown, but stopping the transmission
altogether?
if the only way for the IOSlave to tell the application that there was a
problem is to fail completely then there is something wrong with the IOSlave
infrastructure. it should be possible to send non-fatal errors back to client
applications.
--
Aaron J. Seigo
GPG Fingerprint: 8B8B 2209 0C6F 7C47 B1EA EE75 D6B7 2EB1 A7F1 DB43
KDE: The 'K' is for 'kick ass'
http://www.kde.org http://promo.kde.org/3.1/feature_guide.php
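
The two behaviours debated in this thread, as an added sketch (not kio_smtp code and not from the KDE sources): a client configured for SMTP AUTH parses the EHLO reply and, when no AUTH keyword is advertised, reports either a non-fatal warning or a fatal error to the application. The names `authMechanisms`, `decide`, `Severity` and `AuthDecision` are hypothetical, and the sample replies are constructed.

```cpp
#include <cctype>
#include <sstream>
#include <string>
#include <vector>

// Constructed sample EHLO replies (not captured from a real server).
const char *kWithAuth = "250-mail.example.org\r\n250-AUTH PLAIN LOGIN\r\n250 8BITMIME\r\n";
const char *kNoAuth = "250-mail.example.org\r\n250-SIZE 10240000\r\n250 8BITMIME\r\n";

// What a protocol handler could report back to the calling application.
enum class Severity { Ok, Warning, Fatal };

struct AuthDecision {
    Severity severity;    // Warning = tell the app, keep sending; Fatal = abort
    bool attemptAuth;     // whether to issue the AUTH command at all
    std::string message;  // text for the application to show the user
};

// Collect SASL mechanisms from "250-AUTH PLAIN LOGIN" style lines of an EHLO reply.
std::vector<std::string> authMechanisms(const std::string &ehloReply) {
    std::vector<std::string> mechs;
    std::istringstream lines(ehloReply);
    std::string line;
    bool greeting = true;  // first line carries the server name, not a keyword
    while (std::getline(lines, line)) {
        if (!line.empty() && line.back() == '\r') line.pop_back();
        if (greeting) { greeting = false; continue; }
        if (line.size() < 4 || line.compare(0, 3, "250") != 0) continue;
        std::istringstream words(line.substr(4));
        std::string keyword, mech;
        words >> keyword;
        for (char &c : keyword) c = static_cast<char>(std::toupper(static_cast<unsigned char>(c)));
        if (keyword != "AUTH") continue;
        while (words >> mech) mechs.push_back(mech);
    }
    return mechs;
}

// strict = true: stop the transmission; strict = false: warn and send without AUTH.
AuthDecision decide(bool authConfigured, const std::string &ehloReply, bool strict) {
    if (!authConfigured) return {Severity::Ok, false, ""};
    if (!authMechanisms(ehloReply).empty()) return {Severity::Ok, true, ""};
    const std::string msg = "SMTP AUTH is configured but the server does not advertise it";
    return {strict ? Severity::Fatal : Severity::Warning, false, msg};
}
```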