Hi all,
the configure option
<snip>
--with-libsecret Link to libsecret instead of gnome-keyring
(default=no)
</snip>
is actually *wrong*, as gnome-keyring has been deprecated. Thus, if a user follows this comment only (the
README is actually correct), the resulting binary will store obfuscated passwords in ~/.balsa/config-private
which is typically a questionable (at best) idea.
I suggest
- to make using libsecret the default and
- print a warning if the user explicitly wants to disable it.
The attached patch (untested for Meson) fixes the confusion.
We might also want to ensure that the password (or all passwords) is erased from config-private (see the
comment in libbalsa/server.c, line 359ff.) when accessing libsecret was successful.
Opinions?
Best,
Albrecht.Attachment:
fix-libsecret-option.txt
Description: Text document
Attachment:
pgpsf84US0Ct7.pgp
Description: PGP signature