On Sun, Feb 24, 2013 at 07:46:51PM +0100, Andreas Ericsson wrote: > The lack of certificate authority verification presents no attack vector > for git imap-send. As such, it doesn't warrant a CVE. I'm sure you'll > be credited with a "reported-by" line in the commit message if someone > decides to fix it though. Personally, I'm not fussed. Sure it presents an attack vector. I can man-in-the-middle your imap-send client and read your otherwise secret patches. Or your otherwise secret imap password. -Peff -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html