On Mon, 29 Jan 2018 15:38:00 +0100, Michael Schwendt wrote:
On Tue, 9 Jan 2018 18:46:06 +0100, Jan Kurik wrote:
= System Wide Change: Replace glibc's libcrypt with libxcrypt = https://fedoraproject.org/wiki/Changes/Replace_glibc_libcrypt_with_libxcrypt
Change owner(s):
- Björn Esser <besser82 AT fedoraproject DOT org,>
- Florian Weimer <fweimer AT redhat DOT com>
There are plans to remove libcrypt from glibc, so we should have a replacement.
Please clarify what exactly the plan is.
To replace libcrypt with a compatible library and with a grace period for apps to stop using deprecated functions that may be removed in the future?
Or to replace libcrypt with an incompatible library immediately with no grace period?
The reason why I ask is that Claws Mail still uses encrypt() with the sole purpose of being able to decrypt old passwords. It doesn't convert them to different encryption algorithms automatically, unless the user changes the password, and it doesn't force the user to set a Master Password either. Only the latter would add security since Claws Mail 3.14.0 (2016), which added that as a new feature.
I had hoped there would be a response to this. Another try with the two change owners in Cc.