On Fri, May 29, 2015 at 08:13:44AM +0100, Long, Martin wrote: > A little feedback: > > Advanced mode - I'd most likely use this. I think this is quite important, > and opens up the possibility or using Github, Bitbucket, or privately > hosted git repos. > > You keep saying "PIN". Could that actually be any passphrase? i.e. why > limit it to numbers, or limit the length? I'd typically use a random string > generated by Lastpass.
I say "PIN" because I want it to sound easy to users. This /IS/ the private key passphrase. > How about https with auth? I know it's not intended for use in a corporate > environment, but some people could have trouble with SSH through firewalls. Because Subsurface clearly is something that people are running in their corporate environment. My goal is to implement something that will work for most people in a typical scenario. Https means I need to get yet another random number that I pay a lot of money for. On top of the server that I pay for. The bandwidth that I pay for. And in the case of this remote storage idea, I guess the storage I pay for. If you would like to contribute the code that makes this work seamlessly with https on github, be my guess, your contributions will be gladly accepted. If I can get this to work with ssh and my infrastructure I'll be thrilled and I'll call it a major new feature in 4.5 > Also, wouldn't this be a simpler option than downloading and decrypting > keys (which seems to somewhat defeat the purpose of using PKI in the first > place, as it has essentially become username/password auth). I repeat. Goal #1 is to make this trivially easy for users. Anyone who cares about security, privacy, PKI, whatever, please don't use this. Any project that tells the average diver "create an ssh key pair, create a github account, install your public key on github, select your private key in Subsurface, add your github account information and look how easy it is to use this" is seriously confused. Have you looked at the level of questions we are getting from users? /D _______________________________________________ subsurface mailing list subsurface@subsurface-divelog.org http://lists.subsurface-divelog.org/cgi-bin/mailman/listinfo/subsurface
