New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove historic CRAM-MD5 mechanism #107675
Comments
if salted CRAM solves the problem then I can try to implement it. |
response from the Gmail server, I guess very few servers must be responding(configured) with
are
I guess not required, we can share a PLAIN password over SSL. do we need to remove it from imaplib as well? |
@Agent-Hellboy: Yes it can be removed from all, IMAP/SMTP and other places: Please note that LOGIN has been replaced by PLAIN but PLAIN can not be used without a secure connection. |
Sure, I will raise a PR to remove these instances and will update the docs. |
@Agent-Hellboy -- if there is consensus to remove these algorthims (none exists currently) we will need to go through the standard deprecation process (see PEP-387), which would be to deprecate now (Python 3.13) and remove any functionality no earlier than Python 3.15. Please could you update your pull requests to note the deprecation, but not remove any functionality? (Note as before, the removal of these algorthims hasn't been agreed yet, but if removal is agreed we would need to deprecate first). A |
sure, I will read the PEP and make the changes in PR.
I will post this in the discourse to see if people agree, if not I will close the PR |
For reference, the Discourse topic: |
Can you remove CRAM-MD5 from the code?
It is unsecure:
Thanks in advance.
Linked PRs
The text was updated successfully, but these errors were encountered: