Re: ANN: Release of NetworkManager 0.8.996 (0.9.0-beta2)

[Dan Williams <dcbw redhat com>]

On Fri, 2011-03-11 at 20:04 +0300, Mikhail Efremov wrote:
> On Thu, 10 Mar 2011 11:00:43 -0600 Dan Williams wrote:
> > I've tagged and uploaded 0.8.996 which has a number of fixes:
> 
> Could you explain how the secret agent in nm-applet should work?
> I guess that users' secrets should be stored in some storage like
> gnome-keyring, but now I see that WPA passphrase (as an example) is
> written to the file by keyfile plugin as a plain text. Do I misunderstand
> something or it is just not completed yet?

At the moment, 0.8 imported connection secrets are marked "agent owned"
which means that NM will ask nm-applet for those secrets.  New
connections from the menu default to system-wide and thus the secrets
are stored in the keyfiles, more closely aligned with what other OSes
do, for better or worse.  If an applet (nm-applet or
nm-connection-editor or whatever) wants secrets stored in gnome-keyring
or in the user's session it can set the secrets flags when it creates
the connection, or it can modify the flags afterwards via Update().

This isn't all 100% thought out yet, so suggestions on how to handle
initial stuff like this, as well as later behavior would be great to
discuss.  I've thought of various approaches like intelligent defaults
(VPN connections should default to user-secrets and should be visible
only to the owner for example) and maybe a right-click menu in editors
for picking where to store the secrets.

But I think it's possible to have some intelligent defaults here, and
those likely include defaulting to system-wide secrets for most types.
There are clearly more personal secrets: VPN passwords, 802.1x user
passwords, etc.  But I think it's hard to argue that keeping a WiFi
passphrase in the user session is worthwhile in most cases...

Thoughts?

Dan