[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-devel
Subject: Re: The situation of KWallet, and what to do about it?
From: Reindl Harald <h.reindl () thelounge ! net>
Date: 2016-07-11 19:40:13
Message-ID: 267aef6d-f7d7-bb75-89b5-ff5f332ab6a5 () thelounge ! net
[Download RAW message or body]
[Attachment #2 (multipart/mixed)]
Am 11.07.2016 um 21:27 schrieb Thomas Pfeiffer:
> On 07.07.2016 18:43, Elvis Angelaccio wrote:
>>> - We make encrypted password storage optional and non-default (easiest
>>> solution, but not exactly in line with KDE's vision)
>> I disagree on this point. Even if KWallet were free of usability
>> issues, it would still provide a false sense of security. The user
>> thinks that his/her passwords are safe, while in fact they are not.
>> If we don't have enough manpower to develop and mantain a proper
>> keychain in Plasma, we should tell our users. This way they can make
>> sure that, for example, the unsafely stored Wi-Fi passphrase is not
>> used for other accounts. This is already closer to our vision than the
>> current situation.
>>
>> My vote is: we either do it right, or we give up. If someone steps up
>> to fix this problem, great. Otherwise we should start to slowly port
>> away from KWallet.
>
> Good point!
> I still hope we'd find a secure solution, but no central storage may
> indeed be better than an insecure one
no it's not
the alternative would be a passwords.txt on the desktop of many users
with no autoclose or insecure passwords at all to remember them
hardly an improvement
["signature.asc" (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic