https://bugs.kde.org/show_bug.cgi?id=428146
--- Comment #7 from Dawid Wróbel <m...@dawidwrobel.com> --- @Jack, indeed, this is something I thought about already before and the only potential solution going forward. The problem here, however, is that *even* if we had e.V. willing to work with us on that, only the binary distributables could offer this functionality. This is because when registering with 3rd party financial institutions, you need to provide them with a set of crypto keys, which they in turn use to confirm the authenticity of the client software accessing their APIs. Such requirement is mandated by the PSD2 and quite surely FDX, given how this is effectively the only sane way to restrict the bad actors from attempting to exploit their APIs' inevitable vulnerabilities. Now, such signing would obviously not be otherwise possible for any free (as in speech) Linux distribution that only provides packages built by themselves (e.g. Debian), since they would naturally have no access to KDE e.V.'s unique keys to sign their own binaries with. For any other distribution, KDE-provided binaries would automatically land in the "Non-free" repository. So, in conclusion, this full functionality would only be offered by the pre-compiled KMyMoney distributables, which may or may not go against the KDE foundation's core principles. I can see, however, how offering a financial software offering a privacy-protection *and* the ownership of ones financial data also fulfills foundation's core manifesto. So this case could fall under the "necessary evil", especially that the heightened requirements imposed by the financial regulations are no-nonsense and designed with security in mind. -- You are receiving this mail because: You are watching all bug changes.
