aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--NEWS2
-rw-r--r--TODO.txt4
2 files changed, 6 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index a1e2ae1c..edab25a3 100644
--- a/NEWS
+++ b/NEWS
@@ -21,6 +21,8 @@ removed from a 6.4.0 or newer release.)
* POP2 is obsolete, support will be removed from a future fetchmail version.
* RPOP is obsolete, support will be removed from a future fetchmail release.
* --sslcertck will become a default setting in a future fetchmail version.
+* --sslfingerprint may be removed from a future fetchmail version, because it's
+ just too easily abused to create a false sense of security.
* The multidrop To/Cc guessing code along with the fragile duplicate suppressor
is deprecated and may be removed from a future release.
* The "envelope Received" option may be removed from a future release, because
diff --git a/TODO.txt b/TODO.txt
index a6186a1f..97305e01 100644
--- a/TODO.txt
+++ b/TODO.txt
@@ -90,6 +90,10 @@ questionable:
- CRYPTO: perhaps port to NSS? Check license and features and required procedure
changes. - Redhat Bugs #333741 (crypto consolidation), #346891 (port fetchmail to NSS)
- CRYPTO: make the SSL default v3 (rather than v23).
+- CRYPTO: remove sslfingerprint? too easily abused (see NEWS)
+- CRYPTO: force sslcertck
+- CRYPTO: by default forbid cleartext or other compromising password
+ schemes over insecure connections?
- put more hints to the FAQ (should we call it FGA?) as first support place
- make sure we print socket error messages such as connection reset by
peer to hint users the problem is not in fetchmail
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-16 16:43:14 +0000