[Alpine-info] Seeking someone who..?

[Andrew C Aitchison]

On Thu, 30 Nov 2023, D.J.J. Ring, Jr. wrote:


> It seems that it would be possible when configuring alpine to have a switch

> much like the one that creates the ability to use the pinepass file.

>

> The default would continue to be as it is now but the user could decide to

> use the less secure method of accessing alpine if they wished.


That would be possible.

However, Eduardo Chappa, who does almost all of the alpine development,
has said that he does not wish to do this (Carlos has already given the
reference 
https://comp.mail.pine.narkive.com/UcMK4NZG/suppress-master-password-prompt
) since it would be a security hole.

Unless Eduardo has changed his mind, or the person or distribution
who built the alpine on your machine disagrees with him, the default 
alpine is not going to have a switch to enable the convenient but
insecure password file.
It would not be hard to write a patch to add such a switch, but anyone
who can apply this patch to alpine could just make alpine work
in "convenient" mode without the switch. This would be a smaller patch.

For a single user machine the smaller patch would be sufficient.
For a multi-user machine, I imagine that the administrator would
not wish to give all their users access to the "insecure" version,
so the switching patch would not be useful.

If there *are* people out there who want either of these patches
*and* can patch and build alpine, then I am willing to write
the patches.

-- 
Andrew C. Aitchison                      Kendal, UK
                    andrew at aitchison.me.uk