Subject: pine/alpine - add .pinepwd support?
To: None <pkgsrc-users@netbsd.org>
From: Todd Vierling <tv@pobox.com>
List: pkgsrc-users
Date: 10/09/2007 11:11:00
[I'm mostly inactive these days so I'm not on this list at the moment;
please Cc: me on replies.]

Would anyone be offended if I added the necessary small compile bits
to add support for PASSFILE ($HOME/.pinepwd) to pine and alpine by
default after the freeze is over?  I've seen this enabled in binary
builds elsewhere, and the code in question is not actually *used*
unless the .pinepwd file is created and chmod'd by hand.

UW's Pine docs have a big blob of warnings surrounding the PASSFILE
feature because of the usual "best practice"
0h-n0e-the-password-is-on-a-disk-and-readable schpiel.  I find that
quite misleading, because the whole point of PASSFILE is to save a
password used to access a remote mailstore.  (Contrast that with mail
being stored on the local disk, which has exactly the same risk of
data theft, yet seems to be perfectly fine in their minds.  Also note
that PC-Pine has PASSFILE enabled by default anyway.)

Plenty of multiuser systems have Pine deployed with this feature
enabled, so I don't see much of a problem with enabling the code by
default for binary builds.  Like any other Unixy tool, you're allowed
the rope, but it's up to you whether you hang yourself with it.

-- 
-- Todd Vierling <tv@duh.org> <tv@pobox.com> <todd@vierling.name>