Dear OpenSC developers,
in the interests of the users of OpenSC, it would be fair to apply the
following patch.
Kind Regards
Andre Zepezauer
Index: etc/opensc.conf.in
===================================================================
--- etc/opensc.conf.in (revision 4620)
+++ etc/opensc.conf.in (working copy)
@@ -347,8 +347,12 @@
# Thus the other users or other applications is not prevented
# from connecting to the card and perform crypto operations
# (which may be possible because you have already authenticated
- # with the card). This setting is not very secure.
+ # with the card).
#
+ # WE (THE OPENSC DEVELOPERS) ARE VERY AWARE OF THE FACT, THAT
+ # THIS FEATURE IS INSECURE. NEVERTHELESS IT IS ENABLED BY
DEFAULT,
+ # BECAUSE WE DON'T CARE ABOUT YOUR (THE USERS) SECURITY NEEDS.
+ #
# Also, if your card is not locked, you can enconter problems
# due to limitation of the OpenSC framework, that still is not
# thoroughly tested in the multi threads environment.
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
