El dijous, 7 de juliol de 2016, a les 12:36:26 CEST, Thomas Pfeiffer va escriure: > Hi everyone, > I'm addressing both the Plasma team and kde-devel because this issue affects > Plasma as well as many applications, and Valentin as the current maintainer > of KWallet as well as KSecretService, a potential replacement for it. > > KWallet plays a central role in Plasma and many KDE applications as the > central password storage. However, it being very old and not having been > actively developed for a long time, it has lots of problems, including: > > - It has weak security, as it does not restrict applications accessing it by > default, and even when it does, it does so simply based on application name > which allows any malicious process to impersonate an allowed one
This is basically because "Linux sucks" and no other solution different than kwallet can do it better unless you go to a "full lockdown" mode of who and how you can start applications (i.e. like on the Ubuntu Phone only upstart can start applications). Yes, it is unfortunate but it has to do with the fact that we don't control the OS we run on. Cheers, Albert _______________________________________________ Plasma-devel mailing list Plasma-devel@kde.org https://mail.kde.org/mailman/listinfo/plasma-devel
