Jeff: > Since currently there is no needs for these features which are relating > to security, I've decided to disable them in gnome-keyring 2.21. These > include: > 1. ssh support > 2. public key certificates support (general certificate and x.509 > certificate) > 3. pkcs11 support (It is API interface standard for accessing security > devices such as smart card, usb disk etc.) > > A patch is attached and please review. I'll also ask community to review > it soon.
I disagree with this patch unless we have first worked with the security team and verified that this is the best course of action. Wyllys Ingersoll previously did some work to help integrate gnome-keyring with Sun's PKCS11 interfaces, so it would be useful to get his feedback on this before making any changes to the code. Also, there seems to be some discussion that the Sun security team is planning on taking ownership of gnome-keyring (or seahorse). I'd say we should get more clarification on what's going on with this before spending more effort on this module. Brian > Darren Kenny ??: >> Hi Damien, >> >> Jeff has taken ownership of GNOME Keyring due to his prior dealings with >> encryption technologies. >> >> Jeff, do you know anything about this? >> >> Thanks, >> >> Darren. >> >> Do you know any more about this? >> >> Damien Carbery wrote: >> >>> Ghee and Darren, >>> >>> gnome-keyring 2.21.x needs libtasn1 > 0.3.4. >>> Should this be added or gnome-keyring left at 2.20.2? >>> >>> ftp://ftp.gnutls.org/pub/gnutls/libtasn1/ >>> >>> Damien >>> >
