Message199342
I apologise for coming back to this issue lately, after its closing.
I must have misconfigured something in my tracking system.
Thank-you everybody for the work done, especiallly the careful handling and documenting of the case "only if password is present in file". I recognise my proposed patch was a bit flacky.
However, I don't get the rationale behind the restriction to the sole case where the file is the default .netrc ?
If a clear text password is exposed in any file, it is also a security problem, isn't it ? This specific file might be more difficult to find for an attacker, but not impossible.
Feel free to redirect this discussion to some other place if you want to keep this issue close and still. |
|
Date |
User |
Action |
Args |
2013-10-09 21:11:33 | bruno.Piguet | set | recipients:
+ bruno.Piguet, barry, georg.brandl, larry, giampaolo.rodola, benjamin.peterson, Arfrever, r.david.murray, python-dev |
2013-10-09 21:11:33 | bruno.Piguet | set | messageid: <1381353093.89.0.629321462422.issue14984@psf.upfronthosting.co.za> |
2013-10-09 21:11:33 | bruno.Piguet | link | issue14984 messages |
2013-10-09 21:11:33 | bruno.Piguet | create | |
|