Jun 16, 2016, 02:24 PM
Datschge

Quote:
Originally Posted by LiquidAcid
While the idea of the project is certainly nice, they've recently been under fire for this incident:
Email Address Disclosures, Preliminary Report, June 11 2016

IMHO this is something which should not happen with a project where the main goal is security.
It's possible to request a certificate without giving any email. The email is only used for notification about pending expiration of the certificates, which are valid only for 90 days each. Also, while incredibly stupid (just like their client assuming full admin access on the server while wanting to be able to update itself, a real security nightmare), I honestly can't imagine this being a huge actual issue; every webmaster worth his salt would use a semi-public standard email like [email protected] instead of a personal one.