Speaking as someone who has had to replace (some of) php-imap with pure php
code, I observe that the "insecure" c-client problems would apply more to an
actual uwash imap server, not so much to a subset of the c-client code used
only in a client.
The php-imap extension is not a server. Any script kiddie can smack on a
uwash server, but to exploit a _client_ using a portion of that code, would
seem to be much more tricky. It seems like a special malware server, or
specially crafted malware emails, would need to be used and then a php-imap
client would need to connect to and/or request such malware in order for the
client to be exploited, and even this might depend if php-imap were using POP3
or IMAP (it uses more c-client code for POP3). Not impossible of course, but
different from server considerations.
I understand the issues around the need to maintain the c-client code, but do
remember we are talking about a client that accesses a server accorrding to
RFC standards, we are not providing a server. If this mitigates the effort
required to maintain the c-client (since it will not be a server) then maybe
AFAIK, redhat / fedora has generally provided the easiest to install php-imap
(and php in general) packages around.
Joe Orton (jorton(a)redhat.com) wrote:
On Tue, Mar 02, 2004 at 05:15:03PM +0000, Joe Orton wrote:
> On Tue, Feb 24, 2004 at 08:02:18PM +0200, Kaj J. Niemi wrote:
> > > I'm also able to package the c-client library based on the previous
> > > rpm if that is the conclusion of this discussion.
> > Attached is a suggestion for libc-client.spec. It is based on the imap-2002d
> > package. A shared library is built in addition to the static library. The
> > build code was borrowed from FreeBSD's ports collection mail/cclient where
> > it has been working well. In the base package we install just the shared
> > library while the header files and the static library gets saved for -devel.
> > The .spec and the .src.rpm can be found at
> > Comments are welcome.
> Thanks for doing this Kaj... I had a quick look, it was missing a
> %post/%postun, and there were a few too many RFCs in %doc for my taste.
Also some Conflicts with imap are needed here.
That's "angle" as in geometry.