Re: [patch] first pass at gnome-keyring support, baby.



On Wed, 2005-06-22 at 22:20 -0400, Colin Walters wrote:
> On Wed, 2005-06-22 at 22:02 -0400, Robert Love wrote:
> > Attached patch adds support for gnome-keyring to nm-applet and stores
> > the essid key encrypted in the keyring instead of cleartext in gconf.
> > 
> > It is a first pass, but it seems to work well [1].
> > 
> > One issue is it causes the gnome-keyring "decrypt your keyring" dialog
> > to pop up as soon as the applet loads (presuming that your keyring is
> > not already decrypted, of course). 
> 
> Offtopic, but IMO we should just get rid of that dialog 

Which requires automatically unlocking the keyring when the user logs in
which is non-trivial at best. It's also highly OS/distribution specific.

> (and the whole
> keyring access control).  It is a pretty small barrier versus a
> compromised application, confusing to users, and it's also annoying.

I concur that the "allow application XYZ to access item ABC" dialog
should be removed in gnome-keyring proper (maybe a setting but default
to off). Apple does have this one but I really really doubt it is useful
at all. However, I'm pretty sure we want someway to control that e.g. a
compromised application which is not /usr/libexec/nm-applet cannot read
your WEP pass phrases from your keyring, no?

So, I guess my point is that we shouldn't care too much about annoying
gnome-keyring dialogs at this point. Not that it doesn't matter, cause
it does, however all that work is elsewhere really.

    David





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]