Michael Haggerty <mhagger@xxxxxxxxxxxx> writes: > I think the problem is yet another step earlier: why do we build tools > that encourage people to store passwords in plaintext in a configuration > file that is by default world-readable? True. This particular one mentioned in the thread predates credential helpers, so it is not faire to say "encourage". We didn't and we don't. Care to do a patch to deprecate sendemail.smtppass (i.e. give warnings to users when it is used) and perhaps replace it with something based on the credential store or something? -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html