[Pkg-roundcube-maintainers] Bug#960302: Bug#960302: imap retry must be tunable
Sandro Knauß
hefee at debian.org
Sun May 24 00:34:24 BST 2020
Control: forwarded -1 https://github.com/roundcube/roundcubemail/pull/7402
hey,
> Could you please have a look at this regression report? You authored
> the patch and my PHP-fu is failing me :-P It should definitely not
> retry the very same incorrect credentials. Even on systems without
> anti-bruteforce logic that locks the user out, Roundcube still takes 5
> times longer to complain a about a failed login — which is not
> negligible when an expensive PBKDF is used for credential verification.
ACK
> I think it's rather unfortunate that
> debian/patches/retry_to_reach_imap_server.patch was AFAICT never submitted
> upstream and landed into stable through -p-u. I dunno whether
> program/lib/Roundcube/rcube_imap.php:connect() has access to the IMAP state
> machine to determine whether a greeting was seen (AFAICT your intention was
> to retry on missing greeting lines, not on NO/BYE greeting conditions let
> alone failed authentication attempts) or to another interface returning
> whether the error is transient or not. Either way it'd be good to have
> upstream's blessing before adopting such patches to Debian :-)
Well I tried several times to reach upstream and they are often not answering.
Never the less I created a pull request with an updated version, that does no
retry for unrecoverable failures like authentication failure, no password,
configuration failure. That should improve the situation already in this issue.
@Matus UHLAR: please try the patch attached to the pull request if this fixes
your issue:
https://github.com/roundcube/roundcubemail/pull/7402
Cheers,
hefee
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://alioth-lists.debian.net/pipermail/pkg-roundcube-maintainers/attachments/20200524/328d7230/attachment.sig>
More information about the Pkg-roundcube-maintainers
mailing list