[Plasma Vault] [Bug 385982] Please use XDG spec for dirs

2018-02-12 Thread Paul
https://bugs.kde.org/show_bug.cgi?id=385982

Paul  changed:

   What|Removed |Added

 CC|pip@gmx.com |

-- 
You are receiving this mail because:
You are watching all bug changes.

[Plasma Vault] [Bug 385982] Please use XDG spec for dirs

2017-10-29 Thread Ivan Čukić
https://bugs.kde.org/show_bug.cgi?id=385982

Ivan Čukić  changed:

   What|Removed |Added

 Resolution|--- |FIXED
 Status|UNCONFIRMED |RESOLVED
  Latest Commit||https://commits.kde.org/pla
   ||sma-vault/07311c73b5dd1f552
   ||ecff29eeb1bc212e75329a9

--- Comment #16 from Ivan Čukić  ---
Git commit 07311c73b5dd1f552ecff29eeb1bc212e75329a9 by Ivan Čukić, on behalf of
Kees vd Broek.
Committed on 29/10/2017 at 09:13.
Pushed by ivan into branch 'master'.

Use XDG_DATA_HOME and security fix

Summary:
The EncFS has security issues when the encrypted files are shared
in the open. For instance on a usb-pendrive or a shared drive.

Only when the user picks EncFS we then continue to not allow the user to pick
his 'device' directory where the encrypted files would go, just store this on
the XDG_DATA_HOME which is defined as;
 the base directory relative to which user specific data files should be stored

Users can continue picking their datadir just fine when they pick the CryFS and
other future backends.

Reviewers: ivan, #plasma

Reviewed By: ivan, #plasma

Subscribers: plasma-devel

Tags: #plasma

Differential Revision: https://phabricator.kde.org/D8469

M  +28   -21   kded/ui/directorypairchooserwidget.cpp
M  +3-5kded/ui/directorypairchooserwidget.h
M  +2-2kded/ui/vaultcreationwizard.cpp

https://commits.kde.org/plasma-vault/07311c73b5dd1f552ecff29eeb1bc212e75329a9

-- 
You are receiving this mail because:
You are watching all bug changes.

[Plasma Vault] [Bug 385982] Please use XDG spec for dirs

2017-10-25 Thread Paul
https://bugs.kde.org/show_bug.cgi?id=385982

--- Comment #14 from Paul  ---
As I said, go for it guys. :)

It's all now rather moot as far as I'm concerned.

My data, my choice, my risk assessment. Vault is not an application that I
foresee myself using.

-- 
You are receiving this mail because:
You are watching all bug changes.

[Plasma Vault] [Bug 385982] Please use XDG spec for dirs

2017-10-25 Thread Nate Graham
https://bugs.kde.org/show_bug.cgi?id=385982

--- Comment #15 from Nate Graham  ---
That's just fine! Vault isn't targeting users like you, who are likely to be
able to easily roll your own solution that perfectly fits your needs (I did the
same before Vault came along).

-- 
You are receiving this mail because:
You are watching all bug changes.

[Plasma Vault] [Bug 385982] Please use XDG spec for dirs

2017-10-25 Thread bugzilla_noreply
https://bugs.kde.org/show_bug.cgi?id=385982

--- Comment #13 from cryptod...@libertymail.net ---
> Isn't that removing user choice

Yes, you don't allow your user to pick an option that is _known_ to put them at
risk.

-- 
You are receiving this mail because:
You are watching all bug changes.

[Plasma Vault] [Bug 385982] Please use XDG spec for dirs

2017-10-25 Thread Paul
https://bugs.kde.org/show_bug.cgi?id=385982

--- Comment #12 from Paul  ---
(In reply to Nate Graham from comment #9)
> use CryFS instead

Isn't that removing user choice also...

The flaws with encfs are known, CryFS is not mature and an unknown quantity at
this point. (Yes, I am aware of https://www.cryfs.org/cryfs_mathesis.pdf )

-- 
You are receiving this mail because:
You are watching all bug changes.

[Plasma Vault] [Bug 385982] Please use XDG spec for dirs

2017-10-25 Thread Paul
https://bugs.kde.org/show_bug.cgi?id=385982

--- Comment #11 from Paul  ---
Go for it guys :)

-- 
You are receiving this mail because:
You are watching all bug changes.

[Plasma Vault] [Bug 385982] Please use XDG spec for dirs

2017-10-25 Thread bugzilla_noreply
https://bugs.kde.org/show_bug.cgi?id=385982

--- Comment #10 from cryptod...@libertymail.net ---
> I think the user does have a choice: use CryFS instead, and then the location 
> can be safely specified, no?

Nate has it right, since CryFS doesn't have the security issues there are no
restrictions on it at all.

Removing the choice for EncFS makes sense because security isn't optional.

-- 
You are receiving this mail because:
You are watching all bug changes.

[Plasma Vault] [Bug 385982] Please use XDG spec for dirs

2017-10-25 Thread Nate Graham
https://bugs.kde.org/show_bug.cgi?id=385982

--- Comment #9 from Nate Graham  ---
I think the user does have a choice: use CryFS instead, and then the location
can be safely specified, no?

-- 
You are receiving this mail because:
You are watching all bug changes.

[Plasma Vault] [Bug 385982] Please use XDG spec for dirs

2017-10-25 Thread Paul
https://bugs.kde.org/show_bug.cgi?id=385982

--- Comment #8 from Paul  ---
If I'm reading your patch correctly...

When using encfs you are now enforcing the location of the encrypted data.

>Only when the user picks EncFS we then continue to not allow the user to
>pick his 'device' directory where the encrypted files would go, just store
>this on the XDG_DATA_DIR which is defined as

Whilst that may be *your* ideal, and I don't doubt the security issues
underlying it. The user now has *no* choice.  I can't agree with that.

I apologise in advance if I've misread your patch.

-- 
You are receiving this mail because:
You are watching all bug changes.

[Plasma Vault] [Bug 385982] Please use XDG spec for dirs

2017-10-25 Thread bugzilla_noreply
https://bugs.kde.org/show_bug.cgi?id=385982

--- Comment #7 from cryptod...@libertymail.net ---
> I would not approve a patch that changes the location to XDG_DATA_HOME as 
> this is not application data - this is user data.

The XDG_DATA_DIR is specified as;

"the base directory relative to which user specific data files should be
stored"

User data, in other words.

-- 
You are receiving this mail because:
You are watching all bug changes.

[Plasma Vault] [Bug 385982] Please use XDG spec for dirs

2017-10-25 Thread bugzilla_noreply
https://bugs.kde.org/show_bug.cgi?id=385982

--- Comment #6 from cryptod...@libertymail.net ---
Patch available:  https://phabricator.kde.org/D8469

It just uses the XDG_DATA_DIR to calculate the default directory for the
encrypted data.
The stuff the user actually interacts with is still set at ~/Vaults/[name]

And these are just suggestions, defaults.

-- 
You are receiving this mail because:
You are watching all bug changes.

[Plasma Vault] [Bug 385982] Please use XDG spec for dirs

2017-10-24 Thread Paul
https://bugs.kde.org/show_bug.cgi?id=385982

--- Comment #5 from Paul  ---
(In reply to Ivan Čukić from comment #4)
> You can choose the exact location for both the encrypted data and the mount
> point for each of the vaults you create.
  Yes, I was aware of that. That is currently what I'm doing :)

> I would +1 a patch which allows configuring the default prefix for both.
  The ability to specify the default location would be very welcome.

-- 
You are receiving this mail because:
You are watching all bug changes.

[Plasma Vault] [Bug 385982] Please use XDG spec for dirs

2017-10-23 Thread Ivan Čukić
https://bugs.kde.org/show_bug.cgi?id=385982

--- Comment #4 from Ivan Čukić  ---
You can choose the exact location for both the encrypted data and the mount
point for each of the vaults you create.

I would +1 a patch which allows configuring the default prefix for both. I
would not approve a patch that changes the location to XDG_DATA_HOME as this is
not application data - this is user data.

-- 
You are receiving this mail because:
You are watching all bug changes.

[Plasma Vault] [Bug 385982] Please use XDG spec for dirs

2017-10-21 Thread Paul
https://bugs.kde.org/show_bug.cgi?id=385982

Paul  changed:

   What|Removed |Added

 CC||pip@gmx.com

--- Comment #3 from Paul  ---
(In reply to Nate Graham from comment #1)
> Strongly agree. I hate it when apps dump things right in ~, even when
> they're hidden.

Personally I'd like to see the ability to specify a location other than the
default, even if it was only via a manual edit of a *rc file.

-- 
You are receiving this mail because:
You are watching all bug changes.

[Plasma Vault] [Bug 385982] Please use XDG spec for dirs

2017-10-20 Thread Nate Graham
https://bugs.kde.org/show_bug.cgi?id=385982

--- Comment #2 from Nate Graham  ---
Cryptodude, would you like to submit a patch for this on phabricator.kde.org?
If you've never done it before, I can help guide you through the process.

-- 
You are receiving this mail because:
You are watching all bug changes.

[Plasma Vault] [Bug 385982] Please use XDG spec for dirs

2017-10-20 Thread Nate Graham
https://bugs.kde.org/show_bug.cgi?id=385982

Nate Graham  changed:

   What|Removed |Added

 CC||pointedst...@zoho.com

--- Comment #1 from Nate Graham  ---
Strongly agree. I hate it when apps dump things right in ~, even when they're
hidden.

-- 
You are receiving this mail because:
You are watching all bug changes.