[Plasma Vault] [Bug 385982] Please use XDG spec for dirs
https://bugs.kde.org/show_bug.cgi?id=385982 Paul changed: What|Removed |Added CC|pip@gmx.com | -- You are receiving this mail because: You are watching all bug changes.
[Plasma Vault] [Bug 385982] Please use XDG spec for dirs
https://bugs.kde.org/show_bug.cgi?id=385982 Ivan Čukić changed: What|Removed |Added Resolution|--- |FIXED Status|UNCONFIRMED |RESOLVED Latest Commit||https://commits.kde.org/pla ||sma-vault/07311c73b5dd1f552 ||ecff29eeb1bc212e75329a9 --- Comment #16 from Ivan Čukić --- Git commit 07311c73b5dd1f552ecff29eeb1bc212e75329a9 by Ivan Čukić, on behalf of Kees vd Broek. Committed on 29/10/2017 at 09:13. Pushed by ivan into branch 'master'. Use XDG_DATA_HOME and security fix Summary: The EncFS has security issues when the encrypted files are shared in the open. For instance on a usb-pendrive or a shared drive. Only when the user picks EncFS we then continue to not allow the user to pick his 'device' directory where the encrypted files would go, just store this on the XDG_DATA_HOME which is defined as; the base directory relative to which user specific data files should be stored Users can continue picking their datadir just fine when they pick the CryFS and other future backends. Reviewers: ivan, #plasma Reviewed By: ivan, #plasma Subscribers: plasma-devel Tags: #plasma Differential Revision: https://phabricator.kde.org/D8469 M +28 -21 kded/ui/directorypairchooserwidget.cpp M +3-5kded/ui/directorypairchooserwidget.h M +2-2kded/ui/vaultcreationwizard.cpp https://commits.kde.org/plasma-vault/07311c73b5dd1f552ecff29eeb1bc212e75329a9 -- You are receiving this mail because: You are watching all bug changes.
[Plasma Vault] [Bug 385982] Please use XDG spec for dirs
https://bugs.kde.org/show_bug.cgi?id=385982 --- Comment #14 from Paul --- As I said, go for it guys. :) It's all now rather moot as far as I'm concerned. My data, my choice, my risk assessment. Vault is not an application that I foresee myself using. -- You are receiving this mail because: You are watching all bug changes.
[Plasma Vault] [Bug 385982] Please use XDG spec for dirs
https://bugs.kde.org/show_bug.cgi?id=385982 --- Comment #15 from Nate Graham --- That's just fine! Vault isn't targeting users like you, who are likely to be able to easily roll your own solution that perfectly fits your needs (I did the same before Vault came along). -- You are receiving this mail because: You are watching all bug changes.
[Plasma Vault] [Bug 385982] Please use XDG spec for dirs
https://bugs.kde.org/show_bug.cgi?id=385982 --- Comment #13 from cryptod...@libertymail.net --- > Isn't that removing user choice Yes, you don't allow your user to pick an option that is _known_ to put them at risk. -- You are receiving this mail because: You are watching all bug changes.
[Plasma Vault] [Bug 385982] Please use XDG spec for dirs
https://bugs.kde.org/show_bug.cgi?id=385982 --- Comment #12 from Paul --- (In reply to Nate Graham from comment #9) > use CryFS instead Isn't that removing user choice also... The flaws with encfs are known, CryFS is not mature and an unknown quantity at this point. (Yes, I am aware of https://www.cryfs.org/cryfs_mathesis.pdf ) -- You are receiving this mail because: You are watching all bug changes.
[Plasma Vault] [Bug 385982] Please use XDG spec for dirs
https://bugs.kde.org/show_bug.cgi?id=385982 --- Comment #11 from Paul --- Go for it guys :) -- You are receiving this mail because: You are watching all bug changes.
[Plasma Vault] [Bug 385982] Please use XDG spec for dirs
https://bugs.kde.org/show_bug.cgi?id=385982 --- Comment #10 from cryptod...@libertymail.net --- > I think the user does have a choice: use CryFS instead, and then the location > can be safely specified, no? Nate has it right, since CryFS doesn't have the security issues there are no restrictions on it at all. Removing the choice for EncFS makes sense because security isn't optional. -- You are receiving this mail because: You are watching all bug changes.
[Plasma Vault] [Bug 385982] Please use XDG spec for dirs
https://bugs.kde.org/show_bug.cgi?id=385982 --- Comment #9 from Nate Graham --- I think the user does have a choice: use CryFS instead, and then the location can be safely specified, no? -- You are receiving this mail because: You are watching all bug changes.
[Plasma Vault] [Bug 385982] Please use XDG spec for dirs
https://bugs.kde.org/show_bug.cgi?id=385982 --- Comment #8 from Paul --- If I'm reading your patch correctly... When using encfs you are now enforcing the location of the encrypted data. >Only when the user picks EncFS we then continue to not allow the user to >pick his 'device' directory where the encrypted files would go, just store >this on the XDG_DATA_DIR which is defined as Whilst that may be *your* ideal, and I don't doubt the security issues underlying it. The user now has *no* choice. I can't agree with that. I apologise in advance if I've misread your patch. -- You are receiving this mail because: You are watching all bug changes.
[Plasma Vault] [Bug 385982] Please use XDG spec for dirs
https://bugs.kde.org/show_bug.cgi?id=385982 --- Comment #7 from cryptod...@libertymail.net --- > I would not approve a patch that changes the location to XDG_DATA_HOME as > this is not application data - this is user data. The XDG_DATA_DIR is specified as; "the base directory relative to which user specific data files should be stored" User data, in other words. -- You are receiving this mail because: You are watching all bug changes.
[Plasma Vault] [Bug 385982] Please use XDG spec for dirs
https://bugs.kde.org/show_bug.cgi?id=385982 --- Comment #6 from cryptod...@libertymail.net --- Patch available: https://phabricator.kde.org/D8469 It just uses the XDG_DATA_DIR to calculate the default directory for the encrypted data. The stuff the user actually interacts with is still set at ~/Vaults/[name] And these are just suggestions, defaults. -- You are receiving this mail because: You are watching all bug changes.
[Plasma Vault] [Bug 385982] Please use XDG spec for dirs
https://bugs.kde.org/show_bug.cgi?id=385982 --- Comment #5 from Paul --- (In reply to Ivan Čukić from comment #4) > You can choose the exact location for both the encrypted data and the mount > point for each of the vaults you create. Yes, I was aware of that. That is currently what I'm doing :) > I would +1 a patch which allows configuring the default prefix for both. The ability to specify the default location would be very welcome. -- You are receiving this mail because: You are watching all bug changes.
[Plasma Vault] [Bug 385982] Please use XDG spec for dirs
https://bugs.kde.org/show_bug.cgi?id=385982 --- Comment #4 from Ivan Čukić --- You can choose the exact location for both the encrypted data and the mount point for each of the vaults you create. I would +1 a patch which allows configuring the default prefix for both. I would not approve a patch that changes the location to XDG_DATA_HOME as this is not application data - this is user data. -- You are receiving this mail because: You are watching all bug changes.
[Plasma Vault] [Bug 385982] Please use XDG spec for dirs
https://bugs.kde.org/show_bug.cgi?id=385982 Paul changed: What|Removed |Added CC||pip@gmx.com --- Comment #3 from Paul --- (In reply to Nate Graham from comment #1) > Strongly agree. I hate it when apps dump things right in ~, even when > they're hidden. Personally I'd like to see the ability to specify a location other than the default, even if it was only via a manual edit of a *rc file. -- You are receiving this mail because: You are watching all bug changes.
[Plasma Vault] [Bug 385982] Please use XDG spec for dirs
https://bugs.kde.org/show_bug.cgi?id=385982 --- Comment #2 from Nate Graham --- Cryptodude, would you like to submit a patch for this on phabricator.kde.org? If you've never done it before, I can help guide you through the process. -- You are receiving this mail because: You are watching all bug changes.
[Plasma Vault] [Bug 385982] Please use XDG spec for dirs
https://bugs.kde.org/show_bug.cgi?id=385982 Nate Graham changed: What|Removed |Added CC||pointedst...@zoho.com --- Comment #1 from Nate Graham --- Strongly agree. I hate it when apps dump things right in ~, even when they're hidden. -- You are receiving this mail because: You are watching all bug changes.