Review Request: kio_http: fix keepalive timeout parsing

2011-10-11 Thread Andrea Iacovitti
--- This is an automatically generated e-mail. To reply, visit: http://git.reviewboard.kde.org/r/102822/ --- Review request for kdelibs, Andreas Hartmetz and Dawit Alemayehu. Descript

Re: Security Audit Request for Screenlocker Branch

2011-10-11 Thread Parker Coates
On Sun, Oct 9, 2011 at 14:02, Martin Gräßlin wrote: > I want to request a security audit for the changes to ensure that the new > implementation is as secure as the existing one and that I did not forget an > important case which would compromise the security. > > The general concept of the new scr

Re: Review Request: kio_http: fix keepalive timeout parsing

2011-10-11 Thread Rolf Eike Beer
> Testing > --- > > -Patched code compiles > -Hacked a web server and made tests against following keep-alive header > variants: > "Keep-Alive: timeout=5, max=99" > "Keep-Alive: Timeout=5, max=99" (uppercase 'T') > "Keep-Alive: Timeout=5 , max=99"(extra space before comma) I don't k

Re: Security Audit Request for Screenlocker Branch

2011-10-11 Thread Andras Mantia
On Sunday, October 09, 2011 20:02:27 Martin Gräßlin wrote: > Hi all, > > as you might know we have been working on moving the screenlocker from > KRunner to KWin and passed the control to the compositor (iff > compositing is active) to ensure that nothing which should not be > shown gets visible.

Re: Re: Security Audit Request for Screenlocker Branch

2011-10-11 Thread Martin Gräßlin
On Monday 10 October 2011 20:02:07 Parker Coates wrote: > On Sun, Oct 9, 2011 at 14:02, Martin Gräßlin wrote: > > I want to request a security audit for the changes to ensure that the new > > implementation is as secure as the existing one and that I did not forget > > an important case which would

Re: Security Audit Request for Screenlocker Branch

2011-10-11 Thread Torgny Nyblom
On Tuesday 11 October 2011 14.55.29 Martin Gräßlin wrote: > On Monday 10 October 2011 20:02:07 Parker Coates wrote: > > On Sun, Oct 9, 2011 at 14:02, Martin Gräßlin wrote: > > > I want to request a security audit for the changes to ensure that > > > the new implementation is as secure as the existi

Re: Re: Security Audit Request for Screenlocker Branch

2011-10-11 Thread Martin Gräßlin
On Tuesday 11 October 2011 15:33:39 Torgny Nyblom wrote: > On Tuesday 11 October 2011 14.55.29 Martin Gräßlin wrote: > > On Monday 10 October 2011 20:02:07 Parker Coates wrote: > > > On Sun, Oct 9, 2011 at 14:02, Martin Gräßlin wrote: > > > > I want to request a security audit for the changes to en

Re: Security Audit Request for Screenlocker Branch

2011-10-11 Thread Thomas Lübking
On Tue, 11 Oct 2011 15:33:39 +0200, Torgny Nyblom wrote: > Does this mean that I will be forced to use a screensaver with > password unlock? If so why is that not a valid usecase? It's what I > use at home all the time. "Why that?" xdpms saves you power (and screen, if that would be any necessa

Re: Re: Security Audit Request for Screenlocker Branch

2011-10-11 Thread Martin Gräßlin
On Tuesday 11 October 2011 16:06:11 Andras Mantia wrote: > From here: > "If KWin crashes without restarting privacy is leaked but the system is > hardly useable due to missing window manager. This situation can safely > be ignored as a corner case as KWin normally restart." > > This is not true, th

Re: Security Audit Request for Screenlocker Branch

2011-10-11 Thread Thomas Lübking
On Tue, 11 Oct 2011 16:00:17 +0200, Martin Gräßlin wrote: > On Tuesday 11 October 2011 16:06:11 Andras Mantia wrote: > > This is not true, the system can be used without a window manager > > and if you happen to have a running terminal or start one, it is > > possible to start a new window manag

Re: Re: Security Audit Request for Screenlocker Branch

2011-10-11 Thread Martin Gräßlin
On Tuesday 11 October 2011 16:33:39 you wrote: > Once the screen locker crashes, security must be assumed > broken (if only by visual access). > Therefore the locker must not crash full ack, we have to be at 0 crashes in KWin (which has to be our goal for Wayland anyway ;-) > and if it does, re-es

Re: Security Audit Request for Screenlocker Branch

2011-10-11 Thread Oswald Buddenhagen
On Tue, Oct 11, 2011 at 03:55:15PM +0200, Thomas Lübking wrote: > On Tue, 11 Oct 2011 15:33:39 +0200, Torgny Nyblom wrote: > > Does this mean that I will be forced to use a screensaver with > > password unlock? If so why is that not a valid usecase? It's what I > > use at home all the time. > >

Re: Security Audit Request for Screenlocker Branch

2011-10-11 Thread Thomas Lübking
On Tue, 11 Oct 2011 17:00:46 +0200, Martin Gräßlin wrote: > that is a good suggestion. I will think about how I can add that. > Though if someone breaks by crashing kwin he is also able to remove > any log. So this could be just snakeoil. He'll be able to click away the message, yes. But unless

Re: Re: Security Audit Request for Screenlocker Branch

2011-10-11 Thread Martin Gräßlin
On Tuesday 11 October 2011 17:47:13 you wrote: > On Tue, 11 Oct 2011 17:00:46 +0200 > > Martin Gräßlin wrote: > > that is a good suggestion. I will think about how I can add that. > > Though if someone breaks by crashing kwin he is also able to remove > > any log. So this could be just snakeoil.

Re: Security Audit Request for Screenlocker Branch

2011-10-11 Thread Andras Mantia
On Tuesday, October 11, 2011 16:33:39 Thomas Lübking wrote: > Also it's not required to have the terminal on top of the stack - i've > always been very successful abusing MMB c&p to clickpaste me any > command i wanted ;-) Seems I'm not alone doing that. :) Andras

Re: Security Audit Request for Screenlocker Branch

2011-10-11 Thread Thomas Lübking
On Tue, 11 Oct 2011 17:34:10 +0200, Oswald Buddenhagen wrote: > "because it's pretty"? "Sink me, I say!" -- Blakeney, Wooster - and it's even a "poem" I however prefer to be present when the pretties show up (see att.) Cheers, Thomas matrix Description: Binary data

Re: Re: Security Audit Request for Screenlocker Branch

2011-10-11 Thread Martin Gräßlin
On Tuesday 11 October 2011 17:34:10 Oswald Buddenhagen wrote: > On Tue, Oct 11, 2011 at 03:55:15PM +0200, Thomas Lübking wrote: > > On Tue, 11 Oct 2011 15:33:39 +0200, Torgny Nyblom wrote: > > > Does this mean that I will be forced to use a screensaver with > > > password unlock? If so why is tha

Screensaver to be or not to be (was: Re: Security Audit Request for Screenlocker Branch)

2011-10-11 Thread Torgny Nyblom
On Tuesday 11 October 2011 15.55.15 you wrote: > On Tue, 11 Oct 2011 15:33:39 +0200 > > Torgny Nyblom wrote: > > Does this mean that I will be forced to use a screensaver with > > password unlock? If so why is that not a valid usecase? It's what I > > use at home all the time. > > "Why that?"

Re: Screensaver to be or not to be (was: Re: Security Audit Request for Screenlocker Branch)

2011-10-11 Thread Martin Gräßlin
On Tuesday 11 October 2011 18:02:32 Torgny Nyblom wrote: > On Tuesday 11 October 2011 15.55.15 you wrote: > > On Tue, 11 Oct 2011 15:33:39 +0200 > > > > Torgny Nyblom wrote: > > > Does this mean that I will be forced to use a screensaver with > > > password unlock? If so why is that not a valid

Re: Screensaver to be or not to be (was: Re: Security Audit Request for Screenlocker Branch)

2011-10-11 Thread Torgny Nyblom
On Tuesday 11 October 2011 19.52.36 Martin Gräßlin wrote: > On Tuesday 11 October 2011 18:02:32 Torgny Nyblom wrote: > > On Tuesday 11 October 2011 15.55.15 you wrote: > > > On Tue, 11 Oct 2011 15:33:39 +0200 > > > > > > Torgny Nyblom wrote: > > > > Does this mean that I will be forced to use a

Re: Screensaver to be or not to be (was: Re: Security Audit Request for Screenlocker Branch)

2011-10-11 Thread Thomas Lübking
On Tue, 11 Oct 2011 18:02:32 +0200, Torgny Nyblom wrote: > Screensaver is bling only No, "screensaver hacks are bling only", a "screensaver" is a software relic. The key aspect is "when and why is there eye-candy". You can still run all screensavers to look at them, they're just ordinary single

Re: Security Audit Request for Screenlocker Branch

2011-10-11 Thread Alexander Neundorf
On Tuesday 11 October 2011, Martin Gräßlin wrote: > On Tuesday 11 October 2011 16:06:11 Andras Mantia wrote: > > From here: > > "If KWin crashes without restarting privacy is leaked but the system is > > hardly useable due to missing window manager. This situation can safely > > be ignored as a cor

Re: Re: Screensaver to be or not to be (was: Re: Security Audit Request for Screenlocker Branch)

2011-10-11 Thread Martin Gräßlin
On Tuesday 11 October 2011 20:12:39 Torgny Nyblom wrote: > On Tuesday 11 October 2011 19.52.36 Martin Gräßlin wrote: > > On Tuesday 11 October 2011 18:02:32 Torgny Nyblom wrote: > > > On Tuesday 11 October 2011 15.55.15 you wrote: > > > > Am Tue, 11 Oct 2011 15:33:39 +0200 > > > > > > > > schrieb T

Re: Re: Security Audit Request for Screenlocker Branch

2011-10-11 Thread Martin Gräßlin
On Tuesday 11 October 2011 21:06:13 Alexander Neundorf wrote: > On Tuesday 11 October 2011, Martin Gräßlin wrote: > > On Tuesday 11 October 2011 16:06:11 Andras Mantia wrote: > > > From here: > > > "If KWin crashes without restarting privacy is leaked but the system is > > > hardly useable due to m

Re: Security Audit Request for Screenlocker Branch

2011-10-11 Thread Thomas Lübking
On Tue, 11 Oct 2011 21:06:13 +0200, Alexander Neundorf wrote: > You can also switch to a text-mode console (Ctrl+F1 etc), set > DISPLAY, and start the window manager there. Errr... "no". In case there's an open VT and chvt is permitted, it's completely pointless to lock the screen, since the chv

Re: Security Audit Request for Screenlocker Branch

2011-10-11 Thread todd rme
On Tue, Oct 11, 2011 at 9:06 PM, Alexander Neundorf wrote: > On Tuesday 11 October 2011, Martin Gräßlin wrote: >> On Tuesday 11 October 2011 16:06:11 Andras Mantia wrote: >> > From here: >> > "If KWin crashes without restarting privacy is leaked but the system is >> > hardly useable due to missing

Re: Security Audit Request for Screenlocker Branch

2011-10-11 Thread Ingo Klöcker
On Tuesday 11 October 2011, Thomas Lübking wrote: > On Tue, 11 Oct 2011 15:33:39 +0200 > > Torgny Nyblom wrote: > > Does this mean that I will be forced to use a screensaver with > > password unlock? If so why is that not a valid usecase? It's what I > > use at home all the time. > > "Why that

Re: Security Audit Request for Screenlocker Branch

2011-10-11 Thread Alexander Neundorf
On Tuesday 11 October 2011, todd rme wrote: > On Tue, Oct 11, 2011 at 9:06 PM, Alexander Neundorf wrote: > > On Tuesday 11 October 2011, Martin Gräßlin wrote: > >> On Tuesday 11 October 2011 16:06:11 Andras Mantia wrote: > >> > From here: > >> > "If KWin crashes without restarting privacy is leak

Re: Security Audit Request for Screenlocker Branch

2011-10-11 Thread Thomas Lübking
On Tue, 11 Oct 2011 21:42:10 +0200, Ingo Klöcker wrote: > Until recently I used to believe this. Unfortunately, it's not true. > At work we have several (well, at least two) TFTs which have the line > edit of the login screen burned in. It's clearly visible before a > dark gray mono-colored back

Re: Screensaver to be or not to be (was: Re: Security Audit Request for Screenlocker Branch)

2011-10-11 Thread Michael Pyne
On Tuesday, October 11, 2011 20:54:42 Thomas Lübking wrote: > BUT: running them automatically because you're away and the system is > idle is simply not a justifiable (anymore) With all due respect, and with full agreement that screen savers are not in general required to *protect the screen*... w

[proposal] KSecretsService components moving from playground

2011-10-11 Thread Valentin Rusu
Hello, As KSecretsService becomes quite usable, I think it's time to prepare to get it integrated into the next release. http://techbase.kde.org/Schedules/KDE4/4.8_Release_Schedule The code is not yet fully mature, all the components are not yet finished, but the main parts are there and it i

Re: [proposal] KSecretsService components moving from playground

2011-10-11 Thread Steven Sroka
>On 11 October 2011 18:24, Valentin Rusu wrote: > Hello, > > As KSecretsService becomes quite usable, I think it's time to prepare to get > it integrated into the next release. > http://techbase.kde.org/Schedules/KDE4/4.8_Release_Schedule > > The code is not yet fully mature, all the components ar

Re: [proposal] KSecretsService components moving from playground

2011-10-11 Thread Valentin Rusu
On 10/12/2011 12:53 AM, Steven Sroka wrote: The code is not yet fully mature, all the components are not yet finished, but the main parts are there and it is now possible to have secrets stored in KSecretsService and konqi or microblog successfully getting them upon session start. There is a chec

Re: Screensaver to be or not to be (was: Re: Security Audit Request for Screenlocker Branch)

2011-10-11 Thread Thomas Lübking
On Tue, 11 Oct 2011 17:47:52 -0400, Michael Pyne wrote: > On Tuesday, October 11, 2011 20:54:42 Thomas Lübking wrote: > > BUT: running them automatically because you're away and the system > > is idle is simply not a justifiable (anymore) > > With all due respect, and with full agreement that s

Re: Screensaver to be or not to be (was: Re: Security Audit Request for Screenlocker Branch)

2011-10-11 Thread Michael Pyne
On Wednesday, October 12, 2011 02:12:55 Thomas Lübking wrote: > On Tue, 11 Oct 2011 17:47:52 -0400, Michael Pyne wrote: > > On Tuesday, October 11, 2011 20:54:42 Thomas Lübking wrote: > > > BUT: running them automatically because you're away and the system > > > is idle is simply not a justifiabl

Re: Review Request: kio_http: fix keepalive timeout parsing

2011-10-11 Thread Dawit Alemayehu
--- This is an automatically generated e-mail. To reply, visit: http://git.reviewboard.kde.org/r/102822/#review7251 --- kioslave/http/http.cpp

Re: Screensaver to be or not to be (was: Re: Security Audit Request for Screenlocker Branch)

2011-10-11 Thread Torgny Nyblom
On Tuesday 11 October 2011 21.11.03 Martin Gräßlin wrote: > On Tuesday 11 October 2011 20:12:39 Torgny Nyblom wrote: [...] > > But you also said that the screensaver without locking was going away in > > 4.9. This is what I'm against. > > As Thomas wrote you will always be able to run any animatio

Re: Screensaver to be or not to be (was: Re: Security Audit Request for Screenlocker Branch)

2011-10-11 Thread Torgny Nyblom
On Tuesday 11 October 2011 20.54.42 Thomas Lübking wrote: > On Tue, 11 Oct 2011 18:02:32 +0200 > > Torgny Nyblom wrote: > > Screensaver is bling only > > No, "screensaver hacks are bling only", a "screensaver" is a > software relic. (Semantics) > The key aspect is "when and why is there eye-