Message-ID: <4CB7E0A3.80509@kamens.us>
Date: Fri, 15 Oct 2010 01:03:31 -0400
From: Jonathan Kamens <jik@...ens.us>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Filezilla's silent caching of user's credentials

On 10/14/2010 05:09 AM, Chris Evans wrote:
> In this instance, the most productive way forward might be to submit a
> patch. I'm sure the developers would be more receptive to an approach
> based on "here's a nice new feature" rather than an approach based on
> "pitchforks recruited from full-disclosure".
Quoting from Ryan's message that started this thread
<http://seclists.org/fulldisclosure/2010/Oct/86>:

    There have been quite a few bug and features requests filed, and
    they all get closed or rejected within a week or so. I also posted
    something in the developer forum inquiring about this, and received
    this response:

    "I do not see any harm in storing credentials as long as the rest of
    your system is properly secure as it should be."

It would appear that your certainty that "the developers would be more
receptive..." to a patch is misplaced.

  jik


