lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <4CB7E0A3.80509@kamens.us> Date: Fri, 15 Oct 2010 01:03:31 -0400 From: Jonathan Kamens <jik@...ens.us> To: full-disclosure@...ts.grok.org.uk Subject: Re: Filezilla's silent caching of user's credentials On 10/14/2010 05:09 AM, Chris Evans wrote: > In this instance, the most productive way forward might be to submit a > patch. I'm sure the developers would be more receptive to an approach > based on "here's a nice new feature" rather than an approach based on > "pitchforks recruited from full-disclosure". Quoting from Ryan's message that started this thread <http://seclists.org/fulldisclosure/2010/Oct/86>: There have been quite a few bug and features requests filed, and they all get closed or rejected within a week or so. I also posted something in the developer forum inquiring about this, and received this response: "I do not see any harm in storing credentials as long as the rest of your system is properly secure as it should be." It would appear that your certainty that "the developers would be more receptive..." to a patch is misplaced. jik Content of type "text/html" skipped Download attachment "smime.p7s" of type "application/pkcs7-signature" (5495 bytes) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists