[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-devel
Subject:    Re: The situation of KWallet, and what to do about it?
From:       Reindl Harald <h.reindl () thelounge ! net>
Date:       2016-07-11 19:40:13
Message-ID: 267aef6d-f7d7-bb75-89b5-ff5f332ab6a5 () thelounge ! net
[Download RAW message or body]

[Attachment #2 (multipart/mixed)]


Am 11.07.2016 um 21:27 schrieb Thomas Pfeiffer:
> On 07.07.2016 18:43, Elvis Angelaccio wrote:
>>> - We make encrypted password storage optional and non-default (easiest
>>> solution, but not exactly in line with KDE's vision)
>> I disagree on this point. Even if KWallet were free of usability
>> issues, it would still provide a false sense of security. The user
>> thinks that his/her passwords are safe, while in fact they are not.
>> If we don't have enough manpower to develop and mantain a proper
>> keychain in Plasma, we should tell our users. This way they can make
>> sure that, for example, the unsafely stored Wi-Fi passphrase is not
>> used for other accounts. This is already closer to our vision than the
>> current situation.
>>
>> My vote is: we either do it right, or we give up. If someone steps up
>> to fix this problem, great. Otherwise we should start to slowly port
>> away from KWallet.
>
> Good point!
> I still hope we'd find a secure solution, but no central storage may
> indeed be better than an insecure one

no it's not

the alternative would be a passwords.txt on the desktop of many users 
with no autoclose or insecure passwords at all to remember them

hardly an improvement


["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]