Re: [patch] first pass at gnome-keyring support, baby.
- From: David Zeuthen <davidz redhat com>
- To: Colin Walters <walters verbum org>
- Cc: networkmanager-list gnome org
- Subject: Re: [patch] first pass at gnome-keyring support, baby.
- Date: Wed, 22 Jun 2005 23:49:24 -0400
On Wed, 2005-06-22 at 22:20 -0400, Colin Walters wrote:
> On Wed, 2005-06-22 at 22:02 -0400, Robert Love wrote:
> > Attached patch adds support for gnome-keyring to nm-applet and stores
> > the essid key encrypted in the keyring instead of cleartext in gconf.
> > It is a first pass, but it seems to work well .
> > One issue is it causes the gnome-keyring "decrypt your keyring" dialog
> > to pop up as soon as the applet loads (presuming that your keyring is
> > not already decrypted, of course).
> Offtopic, but IMO we should just get rid of that dialog
Which requires automatically unlocking the keyring when the user logs in
which is non-trivial at best. It's also highly OS/distribution specific.
> (and the whole
> keyring access control). It is a pretty small barrier versus a
> compromised application, confusing to users, and it's also annoying.
I concur that the "allow application XYZ to access item ABC" dialog
should be removed in gnome-keyring proper (maybe a setting but default
to off). Apple does have this one but I really really doubt it is useful
at all. However, I'm pretty sure we want someway to control that e.g. a
compromised application which is not /usr/libexec/nm-applet cannot read
your WEP pass phrases from your keyring, no?
So, I guess my point is that we shouldn't care too much about annoying
gnome-keyring dialogs at this point. Not that it doesn't matter, cause
it does, however all that work is elsewhere really.
] [Thread Prev