[pkg-fetchmail-maint] Bug#412798: Please ignore self-signed
certificates and similar problems for fetchmail
Matthias Andree
matthias.andree at gmx.de
Wed Feb 28 16:31:21 CET 2007
The request to modify either fetchmail or logcheck is bogus.
If the suggested modification were made, logcheck would no longer report
Man-in-the-middle attacks mounted against fetchmail.
If the reporter is unable to convince the upstream to use correct
certificates or server names, and is unable to work around the problem
in the fetchmail configuration (try via... or something, untested
however), then he should use ignore.d.server/local-* or
violations.ignore.d/local-* files.
The distribution should not suppress messages reporting possible
intrusion or eavesdropping.
--
Matthias Andree
More information about the pkg-fetchmail-maint
mailing list