[Pkg-wmaker-commits] [wmbiff] 04/84: details

Doug Torrance dtorrance-guest at moszumanska.debian.org
Thu Aug 20 03:01:45 UTC 2015 

This is an automated email from the git hooks/post-receive script.

dtorrance-guest pushed a commit to tag wmbiff_0_4_10
in repository wmbiff.

commit dcf5978f4f1aeb8487652514f9182f371273412a
Author: bluehal <bluehal>
Date:   Sat Jun 1 05:52:35 2002 +0000

    details
---
 TODO | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/TODO b/TODO
index ae2d2d7..94c0a38 100644
--- a/TODO
+++ b/TODO
@@ -1,15 +1,23 @@
 This is not a prioritized list.  Patches that accomplish
 these todo items are welcome.
 
+* Finish checking .wmbiffrc permissions.
+  With shell command execution support, it is even more
+  important to protect against other/group writability.
+  With passwords in the .wmbiffrc, .wmbiffrc shouldn't be
+  readable.  It might be best to complain all the time, but
+  only abort when a password is used from a readable file,
+  or a shell command is executed from a writable file.
 * Update for GNUTLS 0.4.x 
   GNUTLS changes its API on just about every release,
   generally to support additional functionality.  WMBiff
   will only release with support for one version of GNUTLS,
   likely whatever is in Debian unstable at the time.
 * Store and verify server certificates. 
-  I don't know whether gnutls supports this.  A pointer to
-  documentation that describes what to do, or a way to leech
-  stored certificates or CA's from mutt would be great.
+  Mutt will do this, but it seems to require a lot of code
+  that should perhaps be part of gnutls. If anyone is
+  interested in taking Andrew McDonald's gnutls for mutt
+  support and applying it to wmbiff, I'd accept the patch.
 * Optionally grab From / Subject for new IMAP on rightclick
   The sequence of commands "examine $mailbox" "search new"
   "fetch $msgnums (body[header.fields(from subject)])" "close"
@@ -52,6 +60,7 @@ these todo items are welcome.
   though its not clear any other clients can take advantage.
 * Support GSSAPI or SASL authentication
   Authentication using krb5 would be sweet.
+
 * Unlikely to get done, unless someone volunteers:
 * KDE/Gnome users: Test with KDE or gnome-panel
   Does Debian bug #108529 apply to wmbiff?  Can wmbiff
@@ -69,7 +78,7 @@ these todo items are welcome.
   If it works, tell us.  Optionally the patch at sourceforge
   could be integrated.
 
-$Id: TODO,v 1.14 2002/05/03 05:47:28 bluehal Exp $
+$Id: TODO,v 1.15 2002/06/01 05:52:35 bluehal Exp $
 
 Local Variables:
 mode: outline

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-wmaker/wmbiff.git

More information about the Pkg-wmaker-commits mailing list