Re: The situation of KWallet, and what to do about it?
- Date: Thu, 14 Jul 2016 01:16:20 +0200
- From: Albert Astals Cid <aacid@xxxxxxx>
- Subject: Re: The situation of KWallet, and what to do about it?
El dijous, 7 de juliol de 2016, a les 12:36:26 CEST, Thomas Pfeiffer va
> Hi everyone,
> I'm addressing both the Plasma team and kde-devel because this issue affects
> Plasma as well as many applications, and Valentin as the current maintainer
> of KWallet as well as KSecretService, a potential replacement for it.
> KWallet plays a central role in Plasma and many KDE applications as the
> central password storage. However, it being very old and not having been
> actively developed for a long time, it has lots of problems, including:
> - It has weak security, as it does not restrict applications accessing it by
> default, and even when it does, it does so simply based on application name
> which allows any malicious process to impersonate an allowed one
This is basically because "Linux sucks" and no other solution different than
kwallet can do it better unless you go to a "full lockdown" mode of who and
how you can start applications (i.e. like on the Ubuntu Phone only upstart can
Yes, it is unfortunate but it has to do with the fact that we don't control
the OS we run on.