On Mon., 2010-07-12 at 13:04 +0200, Martin Pool wrote:
> On 12 July 2010 12:53, Leonard Richardson
> <[email protected]> wrote:
> > It's no secret that I think the desktop credential management app,
> > although superior from a UI standpoint, is insecure. Up to this point
> > the counter-argument has prevailed that malicious client code on an
> > Ubuntu desktop is rare, so we shouldn't worry about it.
>
> That is true but to me the main point is that if there is malicious
> code running within your desktop machine, you have bigger problems
> than your Launchpad account.
>
> > I think this
> > counter-argument has an additional premise that has just been revealed:
> > malicious client code on an Ubuntu desktop is rare, *and if it does
> > exist, the worst it can do is screw up your own system/Launchpad
> > account*. With GRANT_PERMISSIONS plus the ability to upload GPG keys,
> > once malicious code gets on an Ubuntu system it can easily infect
> > thousands of other systems.
>
> Can you unpack the logic there? Do you mean that if malicious code
> gets onto an Ubuntu system of a user who can write to the main archive
> or a popular PPA, it can propagate to thousands of other machines.
> That is true, but orthogonal to whether there is an API to manipulate
> credentials.
>
I pretty much agree with this. Just to note as well that Quickly generally uses the "Change Anything" permission (I don't really know which permission this is related to). The extra permission for pushing GPG/SSH keys or creating a PPA would generally only be needed on first release, if the user doesn't have them (Quickly first checks whether you have a corresponding GPG/SSH key locally matching one uploaded to Launchpad) and that the PPA exists. So, an extra time for this case isn't so shocking to me, even if the user will feel that it's less integrated.

Didier

_______________________________________________
Mailing list: https://launchpad.net/~launchpad-dev
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~launchpad-dev
More help   : https://help.launchpad.net/ListHelp

