I just checked, apparantly the bug has been fixed upstream about a year ago...
I tested it locally and I can't seem to find the password stored locally
anywhere.
** Changed in: rhythmbox (Ubuntu)
Status: Triaged => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to rhythmbox in Ubuntu.
https://bugs.launchpad.net/bugs/42686
Title:
audioscrobbler password saved as plaintext in gconf
Status in The Rhythmbox Music Management Application:
Expired
Status in “rhythmbox” package in Ubuntu:
Fix Released
Bug description:
When saving a password for audioscrobbler, it is saved in .gconf
unencoded. It appears in
/home/kevinly/.gconf/apps/rhythmbox/audioscrobbler/%gconf.xml
I realize that you should use different password for different
websites, but some may inadvertantly set the user's (and thus su)
password for their audioscrobbler password.
A better option would be to store the md5 of the password instead
since that is all last.fm requires for authorization. An optimal
solution may be to use gnome-keyring instead of gconf.
To manage notifications about this bug go to:
https://bugs.launchpad.net/rhythmbox/+bug/42686/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
