When submitting KAuth to openSUSE, the SUSE security team found possible race conditions that could lead to security issues[1]-
I'm writing here because until these issues are solved, KAuth will not be accepted into openSUSE. The second reason I'm posting this here is because it seems people involved with KAuth are not reachable: - security@ko was contacted without an answer; - other KDE people including drf were contacted without a response; Some discussion was raised with Martin Briza (CC'ed just in case, so he may provide some insight, at least) with regards to polkit-qt-1 issues which were (to my understanding) fixed. I can say I cannot fix this at all (I can write C++, but I have neither the skill nor the time to fix what's needed here), and therefore this is a cry for help to see at least the identification of the issue and a fix or workaround, or just an explanation why this is not an issue. I think this is quite important as KAuth is a security-related framework. [1] https://bugzilla.novell.com/show_bug.cgi?id=864716#c41 -- Luca Beltrame - KDE Forums team KDE Science supporter GPG key ID: 6E1A4E79
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Kde-frameworks-devel mailing list Kde-frameworks-devel@kde.org https://mail.kde.org/mailman/listinfo/kde-frameworks-devel