Author rhettinger
Recipients adrien-saladin, barry, kxroberto, python-dev, r.david.murray, rhettinger
Date 2016-06-11.21:25:46
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1465680346.49.0.97445305032.issue10839@psf.upfronthosting.co.za>
In-reply-to
Content
I think we should consider this as an API design bug and backport the fix.

This seems to be the exact cause of this week's email address leak at LetsEncrypt:  

* https://community.letsencrypt.org/t/email-address-disclosures-preliminary-report-june-11-2016/16867

* https://news.ycombinator.com/item?id=11881704

* https://twitter.com/TvdW/status/741482093054550016
History
Date User Action Args
2016-06-11 21:25:46rhettingersetrecipients: + rhettinger, barry, kxroberto, r.david.murray, adrien-saladin, python-dev
2016-06-11 21:25:46rhettingersetmessageid: <1465680346.49.0.97445305032.issue10839@psf.upfronthosting.co.za>
2016-06-11 21:25:46rhettingerlinkissue10839 messages
2016-06-11 21:25:46rhettingercreate