view doc/security.txt @ 7211:506c86823abb
Add config argument to more password.Password invocations.

The work done to allow password_pbkdf2_default_rounds to be overridden
for testing requires that calls to password.Password include a config
argument.

This was needed because using the real value more than quadrupled
testing runtime.

However there are still a few places where config was not being set
when Password was called. I think this fixes all of the ones that are
called from a function that has access to a db.config object.

The remaining ones all call Password(encrypted=x). This results in
Password.unpack() being called. If x is not a properly formatted
password string ("{scheme}..."), it calls encodePassword. It then
should end up raising the ConfigNotSet exception. This is
probably what we want as it means the shape of "x" is not correct.

I don't understand why Password.unpack() attempts to encrypt the value
of encrypted if it doesn't match the right form. According to codecov,
this encryption branch is being used, so somewhere x is of the wrong
form. Hmmm....
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Sat, 04 Mar 2023 00:17:26 -0500 |
| parents | a3223f1966fc |
| children | 186956a87ad7 |
.. meta::
   :description: Documentation on how to report security issues with
                 Roundup. Also an index to the security-related portions
                 of other Roundup documentation.

.. index::
   single: Reporting Security Issues
   single: Security Issues, Reporting

======================================
Reporting Security Issues with Roundup
======================================

Security issues with Roundup should be reported by email to:

  rouilj@users.sourceforge.net (John Rouillard)

  rsc@runtux.com (Ralf Schlatterbeck)

You can also find rouilj on IRC in channel #roundup at irc.oftc.net
(see Contact_ for more directions and the web interface). Use these
mechanisms to establish initial contact.

.. _Contact: https://www.roundup-tracker.org/contact.html
