Re: Dovecot's default password storage scheme is not GDPR compliant
12 Feb
2025
12 Feb
'25
8:43 p.m.
GDPR applies to companies operating software, not the software itself.
As Aki pointed out (somewhere) in this thread, Dovecot doesn't store passwords itself, and doesn't work unless an admin proactively configures at least one authentication mechanism, so it is "secure by default" under any definition I'm aware of.
We might be open to a (short) MR on some language to add to the base authentication configuration page that would alert an admin to possible GDPR requirements. But the Dovecot configuration site is maintained to describe how the software works, not educate on what you might or might not need to do to operate a public mail platform, so the scope of such MR would need to be exceedingly narrow.
michael
161
Age (days ago)
161
Last active (days ago)
0 comments
1 participants
participants (1)
-
Michael Slusarz