Author rouilj
Recipients ThomasAH, ber, rouilj
Date 2020-08-31.13:15:43
Hi Thomas:

In message <>,
Thomas Arendsen Hein writes:
>When requesting a password reset via the web interface, the
>reset email is sent unencrypted.

The reset email is sent using This
method doesn't send encrypted emails. The bounce_message method in the
same class does support PGP encryption and may provide an outline of
how to implement encryption. Maybe changing the signature to include
crypt=False and implementing PGP encryption would work?

I assume your concern is that the reset email URL is available in
plain text and could be used by a bad actor?

>So far I haven't tested with newer Roundup versions.

I did the analysis using 2.0.0 so password reset emails are still
