> On May 25, 2013, 5:25 p.m., Àlex Fiestas wrote: > > I'm 100% against this patch, it is a no go. > > > > What we have to provide is a way for distributions to open the wallet in a > > SECURE way without asking the user for a password. Distros are free to use > > this patch but then they should rename kwallet because it won't be doing > > what it was design to do. > > Rex Dieter wrote: > By that logic, kwallet shouldn't support password-less operation *at > all*, yet it does. (In case its not obvious, I don't agree with your > assertions). That said, discussion of the security implications should best > be made onlist, not on reviewboard. > > Àlex Fiestas wrote: > There is a proper way of doing this which is opening the wallet (and > creating it if not created already) with a PAM module. Anything else is just > a hack. Feel free to start a discussion about this on list, but until then > this patch has my -1. > > BTW I looked into the PAM module, it is easy to do and I will do it for > 4.12 (was going to do it for 4.11 but it was already frozen).
Oh and btw, NO, kwallet should NOT support pasword-less operations at all, and if it does is because we lack PAM integration I guess. - Àlex ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: http://git.reviewboard.kde.org/r/110328/#review33135 ----------------------------------------------------------- On May 6, 2013, 5:25 p.m., Eike Hein wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > http://git.reviewboard.kde.org/r/110328/ > ----------------------------------------------------------- > > (Updated May 6, 2013, 5:25 p.m.) > > > Review request for KDE Runtime and Harald Sitter. > > > Description > ------- > > This patch adds a UI-less config option to kwalletd that makes it create the > initial local wallet silently with an empty password instead of prompting the > user to enter one. > > It's a change desired by downstream consumers Kubuntu and Netrunner, and > perhaps others, and recreates a modification they used to carry for KDE 3. > Their goal is to make KWallet mostly invisible to the user during routine > operations, but still have users benefit from encrypted password storage > behind the scenes. > > As such the config option is intended to be set by distributions. The new > behavior is disabled by default. > > In the interest of keeping the delta between upstream and downstream as small > as possible I'd say it makes sense to pick this up. > > > Diffs > ----- > > kwalletd/kwalletd.h e8e74c3 > kwalletd/kwalletd.cpp fa9fc11 > > Diff: http://git.reviewboard.kde.org/r/110328/diff/ > > > Testing > ------- > > Test package for Kubuntu by Harald Sitter, operation verified at runtime. > > > Thanks, > > Eike Hein > >
