<DKIM> Re:Passwords on OS X via security

[Nicolas Sebrecht]

On Thu, Nov 13, 2014 at 11:32:00PM -0700, Lucien Pullen wrote:

> This will not work, unless I'm trying to use anonymous functions
> incorrectly.  Calling "import foo" from a lambda will result in an
> error (Python 2.7):
> 
> --8<---------------cut here---------------start------------->8---
> >>> lambda: import keyring
>   File "<stdin>", line 1
>     lambda: import keyring
>                  ^
> SyntaxError: invalid syntax
> --8<---------------cut here---------------end--------------->8---
> 
> You will need to perform any imports in a .py file.  You mentioned that
> an auxiliary file was unwanted, but you may need one.

Ah, right. I did not think about that. Thanks for the heads up.

> That or a config option for loading dependent libraries needs to be
> added (very specific change for a very specific problem, but that's the
> only reason I use a .py file, so maybe an ok one if enough people do
> that).

Well, I guess that that kind of advanced problem solving should be left
to the user.

I believe keeping the code base as simple as possible is a good thing.
For such specific cases it should still be possible to write its own
wrapper on top of bin/offlineimap. This is what users do for years and
it sounds good enough (I'm not using such trick myself).


About the OP problem, I can think of other alternatives.

One might be to make use of the -k option to override the configuration
option from CLI. The drawback would be to pass the clear password to
OfflineIMAP making it readable from tools like top/ps.

Another would be to configure OfflineIMAP to use a password file. Then
it's easy to write a shell script (wrapper of bin/offlineimap) in charge
of retrieving the password, putting it into the password file and
removing that file once OfflineIMAP is done.

I'm sure there are plenty of working possibilities. ,-)

-- 
Nicolas Sebrecht