[Python-apps-team] Bug#594662: gmail-notify: Stores password in clear text

PJ Weisberg pjweisberg at gmail.com
Sat Aug 28 07:51:03 UTC 2010


Package: gmail-notify
Version: 1.6.1.1-1
Severity: important

I just happened to look in the .notifier.conf file that gmail-notify keeps in
my home directory and noticed that it was storing my password in plain text.  I
had assumed it would be stored somewhere in some encrypted form.

Ideally this should be fixed by encrypting the password, but at a minimum there
should be a warning that the password is going to be stored in this way.



-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages gmail-notify depends on:
ii  python                        2.6.5-13   interactive high-level object-orie
ii  python-central                0.6.16     register and build utility for Pyt
ii  python-eggtrayicon            2.25.3-5   Python module to display icons in 
ii  python-gtk2                   2.17.0-4   Python bindings for the GTK+ widge

Versions of packages gmail-notify recommends:
ii  iceweasel [www-browser]       3.5.11-2   Web browser based on Firefox
ii  w3m [www-browser]             0.5.2-9    WWW browsable pager with excellent

gmail-notify suggests no packages.

-- no debconf information





More information about the Python-apps-team mailing list