I agree with this sentiment. Having a trust entry that crosses networks is a security hole, particularly if the user has a trust entry like nick!user@* (which is often necessary because the host changes when a user logs off and logs on again).
So, suppose there was a user-x on network-1 that trusted user-y, and I knew that he also was a user on network-2, then I could log in to network-2 with the same nickname/username and I would be trusted and could then send a malicious file which would be accepted automatically by the user.
IMO, this is a non-trivial security hole which needs to be fixed.
So what is needed is to make the trust list per network through the UI and to make $trust work only on the active connection (i.e. a script needs to switch connections with scid to get trust lists from other connections).
Last edited by Protopia; 28/06/17 09:31 PM.
