New patch series upcoming for the GUI changes

Sebastian Spaeth Sebastian at SSpaeth.de
Fri Jan 7 10:26:16 GMT 2011


On Thu, 6 Jan 2011 20:53:31 +0100, Nicolas Sebrecht <nicolas.s-dev at laposte.net> wrote:
> Ok, I see your point now. But you're wrong, the patch should be
> clear enough to prove you the whole content was not removed.

OK, my bad. In this case just ignore the copyright removal thing and
modify my patch. Or should I send an updated one?

> > - optional single threading (better debugging)
> > - optional and experimental LocalStatus as sqlite db (faster sync)
> > - Allow 1-way syncing (safer syncing)
> > - improve SSL CA cert checking and configure options, ie host checking
> >   (security)
> > - add "accept the hosts SSL certificate permanently" option. (security)
> > - Restart work on a test suite (reliability tests)
> > - General sync strategy improvements and code cleanups (speed and robustness)
> > - Code documentation system (easier code overview and hackability)
> > - Robustness checks (abort network connection during sync etc) (robustness)
> > - Examine GMail weirdness (improved interoperability)
> 
> I think security issues should come first, but feel free to do whatever
> you'd like, of course? :-)

Yes, I'll see what I can do first. Single threading will be a
prerequisite for better debugging, raising exceptions and seeing where
they come from is a pain otherwise.

> What about the tests suites?
- Restart work on a test suite (reliability tests)

yep :-). But to be honest, I am a bit unsure about the best strategy
here now. Given that you clearly prefer the very highlevel tests, I am
not sure that the test framework I've created so far is the best way to
go. Not sure how the test suite should be arranged and run.

> I guess you have seen the recent issues about the ssl certificate check
> failing (probably due to hostname with subdomains). ,-p

Yep, and strictly speaking the failing is correct as the certificate is
for a different domain (or the certificate should have been issued for
*.domain.com). But as that clearly needs to work we should make the
hostname checking optional somehow. I am not sure if we should have
something like:

sslcacertchecking = strict|nohostname
or
sslcacerthostcheck = True|False

which would make these hostname checks optional.

Also, the mutt way of storing the ssl certificate (fingerprint?) and
have the user just permanently accept that without the need for CA
certificates sounds very attractive and promising to me.

Sebastian




More information about the OfflineIMAP-project mailing list