[Pkg-roundcube-maintainers] Bug#960302: Bug#960302: imap retry must be tunable

[Sandro Knauß]

Control: forwarded -1 https://github.com/roundcube/roundcubemail/pull/7402

hey,
 
> Could you please have a look at this regression report?  You authored
> the patch and my PHP-fu is failing me :-P  It should definitely not
> retry the very same incorrect credentials.  Even on systems without
> anti-bruteforce logic that locks the user out, Roundcube still takes 5
> times longer to complain a about a failed login — which is not
> negligible when an expensive PBKDF is used for credential verification.

ACK
 
> I think it's rather unfortunate that
> debian/patches/retry_to_reach_imap_server.patch was AFAICT never submitted
> upstream and landed into stable through -p-u. I dunno whether
> program/lib/Roundcube/rcube_imap.php:connect() has access to the IMAP state
> machine to determine whether a greeting was seen (AFAICT your intention was
> to retry on missing greeting lines, not on NO/BYE greeting conditions let
> alone failed authentication attempts) or to another interface returning
> whether the error is transient or not. Either way it'd be good to have
> upstream's blessing before adopting such patches to Debian :-)

Well I tried several times to reach upstream and they are often not answering. 
Never the less I created a pull request with an updated version, that does no 
retry for unrecoverable failures like authentication failure, no password, 
configuration failure. That should improve the situation already in this issue.

@Matus UHLAR: please try the patch attached to the pull request if this fixes 
your issue:
 https://github.com/roundcube/roundcubemail/pull/7402

Cheers,

hefee
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://alioth-lists.debian.net/pipermail/pkg-roundcube-maintainers/attachments/20200524/328d7230/attachment.sig>