[Users] Fwd: Deprecate libcrypt and don't build it by default.
Andrej Kacian
ticho at claws-mail.org
Thu Feb 1 11:43:36 CET 2018
On Thu, 1 Feb 2018 03:03:54 +0100
Michael Schwendt <bugs.michael at gmx.net> wrote:
> Hello, everyone!
>
> The following has been causing some disturbance recently:
>
> | Deprecate libcrypt and don't build it by default.
> | https://sourceware.org/ml/libc-alpha/2017-08/msg01257.html
>
> | The function prototypes for crypt and encrypt are removed from
> | unistd.h, and the function prototype for setkey is removed from
> | stdlib.h; they do *not* come back with --enable-obsolete-crypt.
>
> Claws Mail still contains compatibility code to decrypt old passwords
> which the user has not changed. As I understand it, Claws Mail does
> not re-encrypt those old passwords automatically, because it would not
> add security before the user would set a customized Master Password
> (a feature since 3.14.0).
>
> Are there any plans with regard to this?
There are no plans as of yet. The idea was that the old-style passwords
would eventually disappear, one by one, from users' configurations, and
the compatibility code will be removed many, many years from now.
I guess we could look at adding our own
--disable-obsolete-password-encryption configure option sometimes.
Regards,
--
Andrej
More information about the Users
mailing list