LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 11-02-2009, 04:01 AM   #1
rob_L
LQ Newbie
 
Registered: Nov 2009
Posts: 10

Rep: Reputation: 0
How do I know my email passowrd in mail-notification is safe?


Hi LQ-ers,

A complete paranoid-newbie's question:
I use debian and am thinking of using the mail-notification (MN) application to check my emails on accounts like AOL. To do that I need to enter my email user and password in the MN menus.

How do I know that MN won't send away my user/password somewhere else (for example to the code developers) or that someone might hack and steal them?. Does some actually check these open-source codes don't perform such malicious stuff or that they are safe? (so private data doesn't leak or hacked).

Thanks,
Rob.
 
Old 11-02-2009, 04:28 AM   #2
jmc1987
Member
 
Registered: Sep 2009
Location: Oklahoma
Distribution: Debian, CentOS, windows 7/10
Posts: 879

Rep: Reputation: 113Reputation: 113
Quote:
Originally Posted by rob_L View Post
Hi LQ-ers,

A complete paranoid-newbie's question:
I use debian and am thinking of using the mail-notification (MN) application to check my emails on accounts like AOL. To do that I need to enter my email user and password in the MN menus.

How do I know that MN won't send away my user/password somewhere else (for example to the code developers) or that someone might hack and steal them?. Does some actually check these open-source codes don't perform such malicious stuff or that they are safe? (so private data doesn't leak or hacked).

Thanks,
Rob.
Well unless you are a coder you couldn't really tell if they have something setup that would send your password etc. So when it all comes down to it all you have it trust. Most software like pidgin has a rep behind it so you know you can trust it but I have never heard of mail-notification. From what I have googled I haven't seen any bad things like that.

So question is do you trust them. If yes install.
 
Old 11-02-2009, 08:41 PM   #3
rob_L
LQ Newbie
 
Registered: Nov 2009
Posts: 10

Original Poster
Rep: Reputation: 0
Thanks for replying but this is largely impractical-how do I trust my passwords with a group of coders I've never heard of?. This is like giving someone the keys to home-will you do that with complete strangers?.

So technically, anyone can submit an application to be included in a linux repository and no one checks it's not malicious?.
 
Old 11-02-2009, 09:35 PM   #4
jmc1987
Member
 
Registered: Sep 2009
Location: Oklahoma
Distribution: Debian, CentOS, windows 7/10
Posts: 879

Rep: Reputation: 113Reputation: 113
Well if its in your distro repo then you have nothing to worry about. If you are using a trusted third party repo then you should be fine.

Alot of clients just use your username and password and connect to the server they are going to. Which is like a direct connection. Your username or password should never even go to the coders.
 
Old 11-03-2009, 01:05 AM   #5
mike11
Member
 
Registered: Apr 2009
Posts: 222

Rep: Reputation: 17
Quote:
Well if its in your distro repo then you have nothing to worry about. If you are using a trusted third party repo then you should be fine.

Alot of clients just use your username and password and connect to the server they are going to. Which is like a direct connection. Your username or password should never even go to the coders.
How can you be sure? does someone examine open-source codes to check they don't contain any `easter-eggs' before accepting them into a repo?
 
Old 11-03-2009, 01:06 AM   #6
jmc1987
Member
 
Registered: Sep 2009
Location: Oklahoma
Distribution: Debian, CentOS, windows 7/10
Posts: 879

Rep: Reputation: 113Reputation: 113
Quote:
Originally Posted by mike11 View Post
How can you be sure? does someone examine open-source codes to check they don't contain any `easter-eggs' before accepting them into a repo?

Email them and find out
 
Old 11-03-2009, 01:09 AM   #7
smeezekitty
Senior Member
 
Registered: Sep 2009
Location: Washington U.S.
Distribution: M$ Windows / Debian / Ubuntu / DSL / many others
Posts: 2,339

Rep: Reputation: 231Reputation: 231Reputation: 231
Wtf? Wtf? Wtf?
 
Old 11-03-2009, 01:45 AM   #8
rob_L
LQ Newbie
 
Registered: Nov 2009
Posts: 10

Original Poster
Rep: Reputation: 0
Thanks jmc, mike and smeezekitty for replying.

jmc and smeezekitty: sorry- I'm a complete newbie and don't understand what you mean.
 
Old 11-03-2009, 02:06 AM   #9
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.9, Centos 7.3
Posts: 17,411

Rep: Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397Reputation: 2397
jmc1987 means email the repo guys (people who code/supply your distro) and ask, or find their mailing list.
Generally, you can trust a well known distro eg RHEL/Centos/Fedora, as all the code is open src and available to anyone to read. However, they are only human and its theoretically possible they might miss something. I sincerely doubt they'd miss anything so blatant. You can always read the code yourself, or do your own coding.
In your case contact the Debian guys.
 
Old 11-03-2009, 04:08 AM   #10
jmc1987
Member
 
Registered: Sep 2009
Location: Oklahoma
Distribution: Debian, CentOS, windows 7/10
Posts: 879

Rep: Reputation: 113Reputation: 113
Quote:
Originally Posted by rob_L View Post
Thanks jmc, mike and smeezekitty for replying.

jmc and smeezekitty: sorry- I'm a complete newbie and don't understand what you mean.
Well understood. Linux is a little system with huge capabilities. I've been working with Linux for a good time now and I still don't know half is much. Don't worry it takes a little time to learn.
 
Old 11-03-2009, 06:56 AM   #11
dasy2k1
Member
 
Registered: Oct 2005
Location: 127.0.0.1
Distribution: Ubuntu 12.04 X86_64
Posts: 960

Rep: Reputation: 35
Basically if some software was genereted that did this the chances are that somone would notice very quickly,
if anyone notices an app doing somthinng dodgy then its src code is likly to be gone through with the proverbial fine tooth comb
anything then found to be data mining is likely to be removed from the repo or patched to correct this in the time it takes to blink.
 
Old 11-05-2009, 02:51 AM   #12
rob_L
LQ Newbie
 
Registered: Nov 2009
Posts: 10

Original Poster
Rep: Reputation: 0
Thanks to everyone who has replied .
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Nagios email notification unable to work with Nail Mail fabbie Linux - Server 3 10-23-2009 12:01 AM
Configuring Mail server for Email notification ??? ajeetraina Linux - Server 2 11-09-2007 05:04 PM
Gnome Mail Notification - POP3 mail always shown as new? tsiMental Linux - Software 0 09-08-2005 11:50 AM
New Email Notification lapthorn Linux - Software 0 02-04-2004 10:44 AM
E-Mail notification to users via SMS (gateway script ok, but notification script?!?) Riku2015 Linux - Networking 10 03-08-2002 11:16 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 11:46 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration