Hi Albrecht: On 03/02/2020 04:12:23 PM Mon, Albrecht Dreß wrote:
Hi all,the configure option <snip> --with-libsecret Link to libsecret instead of gnome-keyring (default=no) </snip> is actually *wrong*, as gnome-keyring has been deprecated. Thus, if a user follows this comment only (the README is actually correct), the resulting binary will store obfuscated passwords in ~/.balsa/config-private which is typically a questionable (at best) idea. I suggest - to make using libsecret the default and - print a warning if the user explicitly wants to disable it. The attached patch (untested for Meson) fixes the confusion. We might also want to ensure that the password (or all passwords) is erased from config-private (see the comment in libbalsa/server.c, line 359ff.) when accessing libsecret was successful. Opinions? Best, Albrecht.
Thanks for the patch--looks good to me! Feel free to commit. Peter
pgp2_UKNhjdkh.pgp
Description: PGP signature
_______________________________________________ balsa-list mailing list balsa-list@gnome.org https://mail.gnome.org/mailman/listinfo/balsa-list
