[offlineimap] offlineimap.conf.minimal should have some hints about configuring TLS. (#263)

Nicolas Sebrecht notifications at github.com
Wed Oct 28 14:14:08 GMT 2015


Ok. I'll finally allow security matter enter the minimal conf if you want because it's security. You conviced me. ,-)

However, notice that your patch fails at protecting the user in the IMAP/IMAP case. I can think of two ways to accomplish the purpose:

###### light policy 

Encourage the user to look further for security options. Everything must be comments in the minimal config and must explain the points we discussed here:
* have a sample with the minimal options to get a secured connection;
* tell this is just minimal;
* point to offlineimap.conf.

###### strong policy

A more stricter policy would be to simply set `ssl = yes` the default. This would **force** the user to check the options related to security.


I let you the choice about how to do that. :-)

---
Reply to this email directly or view it on GitHub:
https://github.com/OfflineIMAP/offlineimap/issues/263#issuecomment-151857898
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/offlineimap-project/attachments/20151028/abe64bd6/attachment-0003.html>


More information about the OfflineIMAP-project mailing list