Package: roger-router
Version: 1.8.9-3
Severity: normal
Tags: upstream

The package saves encrypted passwords if the necessary key manager is
installed and running (this can be either gnome-keyring or the kwallet
package).  But it is possible that the password will be saved in
plaintext if those conditions are not met.  The user can easily verify
the existence of any plaintext passwords via

"dconf dump /org/tabos/routermanager/|grep pass"

If desired, the whole configuration, including the password, can be
dropped via "dconf reset -f /org/tabos/".

The Debian package should do better in protecting the password at
all times.  One of the difficulties is that the password managers
rely on X, whereas the goal of the CLI package is to provide support
even in headless environments.

Even after fixing this issue going forward, one thing to keep in mind
as well is how to deal with passwords already stored in plaintext.
Should the user be warned and if so, how? Should they be erased?

After the above difficulties have been sorted out and tested,
appropriate runtime dependencies on "gnome-keyring|kwallet" ought
to be added.

http://de.tabos.org/forum/viewtopic.php?f=6&t=3749
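
The check described in the report, as an added example that is not part of the original report or of roger-router: a shell function that parses `dconf dump` output and lists the full path of every password-like key holding a non-empty value, without printing the value. The key names and sample dump below are constructed for illustration, and unlike the plain `grep pass` it matches on key names only.

```shell
#!/bin/sh
# Reads `dconf dump <dir>` output on stdin. Prints the absolute dconf path of
# each key whose name contains "pass" and whose value is not an empty string.
# The stored value is never echoed, so the result is safe to log or paste.
# $1 = directory that was dumped (default: the path named in the report).
find_plaintext_pw() {
    base=${1:-/org/tabos/routermanager/}
    awk -v base="$base" -v empty="''" '
        # Section header: [/] is the dumped directory, [a/b] a subdirectory.
        /^\[.*\]$/ {
            dir = substr($0, 2, length($0) - 2)
            if (dir == "/") dir = ""; else dir = dir "/"
            next
        }
        # key=value line; the value is GVariant text, strings are quoted.
        /^[^=]+=/ {
            eq  = index($0, "=")
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            if (tolower(key) !~ /pass/) next
            if (val == empty || val == "\"\"" || val == "") next
            print base dir key
        }
    '
}

# Constructed sample in dconf dump format (hypothetical key names).
sample_dump() {
    cat <<'EOF'
[/]
debug-level=2

[profile/home]
host='fritz.box'
login-user='admin'
login-password='hunter2'
ftp-password=''
EOF
}

# Demo on the constructed sample. On a real system:
#   dconf dump /org/tabos/routermanager/ | find_plaintext_pw
sample_dump | find_plaintext_pw
```

Each printed path can be passed to `dconf reset` to clear that single key instead of dropping the whole configuration.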

