  #7  
Jun 17, 2016, 12:43 AM
LiquidAcid
Trusted Editor
 
Join Date: May 2008
Posts: 1,532

The problem is not that the issue is related to email address disclosure, but that it shows that the project is struggling with minor/trivial tasks. Security is based on trust. I have to trust "Let's Encrypt" that they do their certification correctly and that nobody else has access to their infrastructure. And this incident at least doesn't increase my trust.

That is why I kinda disagree with Nisto. No security is better than the false sense of security, which is deceiving and dangerous.