[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-devel
Subject:    Re: The situation of KWallet, and what to do about it?
From:       Thomas Pfeiffer <thomas.pfeiffer () kde ! org>
Date:       2016-07-11 19:27:54
Message-ID: 1cfdad30-11da-66a6-1fe2-468171346e2b () kde ! org
[Download RAW message or body]

On 07.07.2016 18:43, Elvis Angelaccio wrote:
>> - We make encrypted password storage optional and non-default (easiest
>> solution, but not exactly in line with KDE's vision)
> I disagree on this point. Even if KWallet were free of usability
> issues, it would still provide a false sense of security. The user
> thinks that his/her passwords are safe, while in fact they are not.
> If we don't have enough manpower to develop and mantain a proper
> keychain in Plasma, we should tell our users. This way they can make
> sure that, for example, the unsafely stored Wi-Fi passphrase is not
> used for other accounts. This is already closer to our vision than the
> current situation.
>
> My vote is: we either do it right, or we give up. If someone steps up
> to fix this problem, great. Otherwise we should start to slowly port
> away from KWallet.

Good point!
I still hope we'd find a secure solution, but no central storage may
indeed be better than an insecure one.
[prev in list] [next in list] [prev in thread] [next in thread]