https://bugs.kde.org/show_bug.cgi?id=428146
--- Comment #9 from Matthew Schultz <matt...@gmail.com> --- (In reply to Dawid Wróbel from comment #7) > @Jack, indeed, this is something I thought about already before and the only > potential solution going forward. > > The problem here, however, is that *even* if we had e.V. willing to work > with us on that, only the binary distributables could offer this > functionality. This is because when registering with 3rd party financial > institutions, you need to provide them with a set of crypto keys, which they > in turn use to confirm the authenticity of the client software accessing > their APIs. Such requirement is mandated by the PSD2 and quite surely FDX, > given how this is effectively the only sane way to restrict the bad actors > from attempting to exploit their APIs' inevitable vulnerabilities. > > Now, such signing would obviously not be otherwise possible for any free (as > in speech) Linux distribution that only provides packages built by > themselves (e.g. Debian), since they would naturally have no access to KDE > e.V.'s unique keys to sign their own binaries with. For any other > distribution, KDE-provided binaries would automatically land in the > "Non-free" repository. > > So, in conclusion, this full functionality would only be offered by the > pre-compiled KMyMoney distributables, which may or may not go against the > KDE foundation's core principles. I can see, however, how offering a > financial software offering a privacy-protection *and* the ownership of ones > financial data also fulfills foundation's core manifesto. So this case could > fall under the "necessary evil", especially that the heightened requirements > imposed by the financial regulations are no-nonsense and designed with > security in mind. Thanks for the explanation. So can this bug be kept open until this is resolved or is there a more appropriate place (forum or another bug ticket?) to follow the status of offering a crypto key signed kmymoney binary? -- You are receiving this mail because: You are watching all bug changes.
